Web Server HTTP Header Handling Remote Overflow

Severity: High, Nessus Plugin ID: 11078

Synopsis

The remote host is running a web server with a remote buffer overflow vulnerability.

Description

It was possible to kill the web server by sending an invalid request with a long header name or value.

A remote attacker may exploit this vulnerability to make the web server crash continually or even execute arbitrary code.

Solution

Upgrade to the latest version of the software or protect it with a filtering reverse proxy.

Plugin Details

Severity: High

ID: 11078

File Name: www_too_long_header.nasl

Version: Revision: 1.27

Type: remote

Family: Web Servers

Published: 8/14/2002

Updated: 5/27/2014

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport