× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



The specific vulnerability should have a CVE, look that up on mitre and see if it actually relates to IBM i? That might be what IBM mean by 'not using' the stack, could be a simple explanation!

It may also be worth asking Tenable if Nessus can even detect the QHTTPSVR or has any specific tests for it. It does not appear well represented here:

https://www.tenable.com/plugins/search?q=ibm+iseries&sort=&page=1 <https://www.tenable.com/plugins/search?q=ibm+iseries&sort=&page=1>

https://www.tenable.com/plugins/search?q=QHTTPSVR&sort=&page=1 <https://www.tenable.com/plugins/search?q=QHTTPSVR&sort=&page=1>

-Stuart

On 15/08/24 08:29, DEnglander--- via MIDRANGE-L wrote:
Thank you to all who replied. One thing I forgot to mention was that when
the QHTTPSVR subsystem is ended and the scan rerun, the vulnerability goes
away. The only jobs in that subsystem are: ADMIN, ADMIN1, ADMIN2, ADMIN3,
ADMIN4, and ADMIN5. However, another scan was run and now, even without
the QHTTPSVR running, Nessus is still listing the vulnerability.

I reported this to IBM, but their answer is no different. IBM's response
is to ask Nessus what is causing the error to happen when there is no Trek
stack used. No response from Nessus yet.

Doug


"CONFIDENTIALITY NOTICE: This e-mail transmission (and/or the attachments accompanying it) contain confidential information belonging to the sender. The information is intended only for the use of the intended recipient. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of the information is strictly prohibited. Any unauthorized interception of this transmission is illegal under the law. If you have received this transmission in error, please promptly notify the sender by reply e-mail, and then destroy all copies of the transmission."

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.