IBM Support

Web server may be affected by a buffer overflow vulnerability - IBM Server

Troubleshooting


Problem

A Nessus scan report highlights the test case below. It is a false alert, not a vulnerability in the remote system. Reported by Nessus: 17231 - CERN httpd CGI Name Handling Remote Overflow. More description from the report: The remote web server stopped responding after sending it a GET request for a CGI script with an arbitrarily long file name. This is known to trigger a heap overflow in some servers like CERN HTTPD. An attacker may use this flaw to disrupt the remote service and possibly even run malicious code on the affected host subject to the privileges under which the service operates.

Resolving The Problem

Source

RETAIN tip: H212009

Symptom

A Nessus scan report highlights the test case below. It is a false alert, not a vulnerability in the remote system:

Reported By Nessus


  17231 - CERN httpd CGI Name Handling Remote Overflow

More description from the report:

The remote web server stopped responding after sending it a GET request for a CGI script with an arbitrarily long file name. This is known to trigger a heap overflow in some servers like CERN HTTPD. An attacker may use this flaw to disrupt the remote service and possibly even run malicious code on the affected host subject to the privileges under which the service operates.

Affected configurations

The system may be any of the following IBM servers:

  • System x3530 M4, type 7160, any model
  • System x3530 M4, type 7160 E5-xxxxV2, any model
  • System x3630 M4, type 7158, any model 
  • System x3630 M4, type 7158 E5-xxxxV2, any model

This tip is not software specific.

This tip is not option specific.

The Nessus utility is affected.

The following system firmware level(s) are affected:

  • IMM Build ID:
    • 1AOO50I Revision 3.68

Additional information

The symptom is reported when users run the Nessus tool, which is used to identify network vulnerabilities on remote systems.

Investigation shows that there is a firewall rate limiter feature that is activated once a threshold is reached. Temporarily disabling the rate limiter prevents this issue from happening.

If the rate limiter identifies the condition, it causes Nessus to report the false alert above, which is not a true vulnerability. The rate limiter feature is intended to keep a flood of traffic from disrupting the private/public network.

No workaround or fix is needed for this false alert.
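
The interaction described above, as an added example that is not part of IBM's tip: a toy model in which a healthy web server sits behind a threshold-based rate limiter and a scanner applies the "stopped responding" check. The threshold, window, request counts, path-length limit and scanner logic are assumptions for illustration, not the IMM's or Nessus's actual values.

```python
from collections import deque


class RateLimitedServer:
    """Toy model of a healthy web server behind a threshold-based rate limiter."""

    def __init__(self, threshold=20, window=1.0, limiter_enabled=True):
        self.threshold = threshold      # max requests per window (assumed value)
        self.window = window            # window length in seconds (assumed value)
        self.limiter_enabled = limiter_enabled
        self.seen = deque()             # timestamps of recent requests
        self.crashed = False            # never set: the server has no overflow

    def handle(self, now, path):
        """Return an HTTP status, or None when the limiter drops the request."""
        while self.seen and now - self.seen[0] >= self.window:
            self.seen.popleft()
        self.seen.append(now)
        if self.limiter_enabled and len(self.seen) > self.threshold:
            return None                 # dropped: looks like "stopped responding"
        # A healthy server rejects the over-long name (255 is an assumed limit).
        return 404 if len(path) > 255 else 200


def scan(server, requests_before_probe=30, interval=0.01):
    """Model of the check in the report: long-name probe, then a liveness test."""
    now = 0.0
    for i in range(requests_before_probe):      # earlier checks in the same scan
        server.handle(now, f"/check{i}")
        now += interval
    server.handle(now, "/cgi-bin/" + "A" * 4096)    # constructed long CGI name
    now += interval
    alive = server.handle(now, "/") is not None
    return "no finding" if alive else "flagged: server stopped responding"


def compare():
    """Run the same scan against the same healthy server, limiter on and off."""
    on = RateLimitedServer(limiter_enabled=True)
    off = RateLimitedServer(limiter_enabled=False)
    return scan(on), scan(off), on.crashed or off.crashed


if __name__ == "__main__":
    print(compare())
```

With the limiter enabled, the scan is flagged even though the modelled server never crashes; with it disabled, the same scan reports no finding.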

Document Location

Worldwide

Operating System

System x:Operating system independent / None


Document Information

Modified date:
30 January 2019

UID

ibm1MIGR-5094652