iPlanet Web Server shtml File Handling Remote Overflow

critical Nessus Plugin ID 10538

Synopsis

The remote web server is affected by a buffer overflow vulnerability.

Description

It is possible to make the remote iPlanet web server execute arbitrary code when requesting a too long .shtml file (with a name longer than 800 chars and containing computer code).

An attacker may use this flaw to gain a shell on this host

Solution

There is no known solution at this time.

Plugin Details

Severity: Critical

ID: 10538

File Name: iws_shtml.nasl

Version: 1.26

Type: remote

Family: Web Servers

Published: 10/26/2000

Updated: 7/12/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport, www/iplanet

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/26/2000

Reference Information

CVE: CVE-2000-1077

BID: 1848

Detections

Analytics