This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote web server is at risk of a buffer overflow attack.
According to its self-reported banner, the Apache web server listening
on this port includes a version of the mod_fcgid module earlier than
2.3.6. As such, it has a stack-based buffer overflow vulnerability
because of an error in the pointer arithmetic used in the
An unauthenticated, remote attacker can leverage this with a specially
crafted request to overwrite data on the stack, leading to an
application crash or possibly even arbitrary code execution subject to
the privileges under which the web server operates.
See also :
Update to version 2.3.6 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false
Family: Web Servers
Nessus Plugin ID: 54607 ()
Bugtraq ID: 44900
CVE ID: CVE-2010-3872
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.