WebServer 4 Everyone Host Field Header Buffer Overflow

Severity: Medium, Nessus Plugin ID 11167

Synopsis

The remote web server is prone to a buffer overflow attack.

Description

The remote web server is running a version of WebServer 4 Everyone that crashes when it receives a request for a long filename (2000 bytes) and the Host request header is set to '127.0.0.1'.

Solution

Unknown at this time.

See Also

https://seclists.org/bugtraq/2002/Oct/340

Plugin Details

Severity: Medium

ID: 11167

File Name: ws4e_too_long_url.nasl

Version: 1.28

Type: remote

Family: Web Servers

Published: 11/25/2002

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Required KB Items: www/webserver4everyone

Excluded KB Items: www/too_long_url_crash

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2002-1941

BID: 6034