This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote web server is at risk of a buffer overflow attack.
According to its self-reported banner, the Apache web server listening
on this port includes a version of the mod_fcgid module earlier than
2.3.6. As such, it has a stack-based buffer overflow vulnerability
because of an error in the pointer arithmetic used in the
An unauthenticated, remote attacker can leverage this with a specially
crafted request to overwrite data on the stack, leading to an
application crash or possibly even arbitrary code execution subject to
the privileges under which the web server operates.
See also :
Update to version 2.3.6 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false