From; Computer Associates http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32455 Hewlett-Packard HTTP Server buffer overflow vulnerability Date Discovered: Monday, February 14, 2005 Date Published: Tuesday, March 08, 2005 Last Updated: Tuesday, March 08, 2005 The information below provides details about this vulnerability. Threat Assessment Overall Risk: High Impact: High Popularity: High Simplicity: High Vulnerability Description Vulnerability ID: 32455 Discovered By: Hewlett-Packard Security Team Exploitable Locally: No Exploitable Remotely: Yes Impact: A remote attacker can cause a denial of service condition or execute arbitrary code. Root Cause: Software Vulnerability Hewlett-Packard Web-Enabled Management Software HTTP Server contains a vulnerability that can allow a remote attacker to cause a denial of service condition or execute arbitrary code. The vulnerability is due to an unclear design error within the application. If exploited a remote attacker can cause a denial of service condition or execute arbitrary code. Recommendations Affected Technologies References Recommendations Return to top Affected Technologies Hewlett-Packard : HTTP Server 5 Hewlett-Packard : HTTP Server 5.0 Hewlett-Packard : HTTP Server 5.3 Hewlett-Packard : HTTP Server 5.92 Hewlett-Packard : HTTP Server 5.93 Hewlett-Packard : HTTP Server 5.95 *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member