TUCoPS :: HP/UX :: vvault1.htm

HP-UX VirtualVault A.01.01 stale data vulnerability 
Vulnerability

    Some CGIs on VirtualVault A.01.01

Affected

    VirtualVault Transaction Server version A.01.01 only.

Description

    The VirtualVault  Transaction Server  product provides  for secure
    data connections to CGI programs. If the CGI program invoked  does
    not completely read its input data, subsequent CGI programs  could
    receive a previous CGI's input  data.  This data corruption  could
    result in users requests being  refused by the CGI, or  stale data
    being input (and visible) into the current CGI.

Solution

    The  problem  can  be  eliminated  by  applying  a  patch  to your
    installation.

    Hewlett-Packard  recommends  that  PHSS_10337  is  applied  to all
    systems running VirtualVault  Transaction Server Version  A.01.01.
    Note  that  this  patch  is  not  needed  for  versions A.01.00 or
    A.02.00, as the problem does not exist in these versions.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH