CERN httpd CGI Name Handling Remote Overflow

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.

Synopsis :

The remote web server may be affected by a buffer overflow

Description :

The remote web server stopped responding after sending it a GET
request for a CGI script with a arbitrary long file name. This is
known to trigger a heap overflow in some servers like CERN HTTPD. An
attacker may use this flaw to disrupt the remote service and possibly
even run malicious code on the affected host subject to the privileges
under which the service operates.

Solution :

Contact the vendor for a patch or move to another server.

Risk factor :

High / CVSS Base Score : 7.5

Family: Web Servers

Nessus Plugin ID: 17231 (cern_httpd_cginame_overflow.nasl)

Bugtraq ID:


Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial