CERN httpd CGI Name Handling Remote Overflow

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server may be affected by a buffer overflow
vulnerability.

Description :

The remote web server stopped responding after sending it a GET
request for a CGI script with a arbitrary long file name. This is
known to trigger a heap overflow in some servers like CERN HTTPD. An
attacker may use this flaw to disrupt the remote service and possibly
even run malicious code on the affected host subject to the privileges
under which the service operates.

Solution :

Contact the vendor for a patch or move to another server.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Web Servers

Nessus Plugin ID: 17231 (cern_httpd_cginame_overflow.nasl)

Bugtraq ID:

CVE ID: