Foxweb foxweb.exe / foxweb.dll Long URL Remote Overflow

high Nessus Plugin ID 11939

Synopsis

A web application running on the remote host is prone to buffer overflow attacks.

Description

The foxweb.dll or foxweb.exe CGI is installed.

Versions 2.5 and below of this CGI program have a remote stack buffer overflow. A remote attacker could use this to crash the web server, or possibly execute arbitrary code.

** Since Nessus just verified the presence of the CGI but could not check the version number, this might be a false alarm. **

Solution

Unknown at this time.

See Also

https://seclists.org/vulnwatch/2003/q3/95

Plugin Details

Severity: High

ID: 11939

File Name: foxweb_dll.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 12/4/2003

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/4/2003

Reference Information

CVE: CVE-2003-0762

BID: 8547