Appweb 3.1.x / 3.2.x / 3.3.x < 3.3.3 mprUrlEncode Function Heap Overflow Vulnerability

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote web server may be affected by a buffer overflow vulnerability.

Description :

According to its banner, the version of Appweb installed on the
remote host is 3.1.x, 3.2.x or 3.3.x earlier than 3.3.3. It is,
therefore, potentially affected by a heap-based buffer overflow
vulnerability caused by a casting error in the function 'mprUrlEncode'
in the file 'src/mpr/mprLib.c'.

Note that Nessus did not actually test for this issue, but instead
has relied on the version in the server's banner.

Further note that this issue reportedly only affects Appweb when
running on Microsoft Windows operating systems.

See also :

http://freecode.com/projects/appweb/releases/345430
https://github.com/embedthis/appweb-4/issues/137
http://www.nessus.org/u?fc55376e

Solution :

Upgrade to Appweb version 3.3.3 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: Web Servers

Nessus Plugin ID: 61396 ()

Bugtraq ID:

CVE ID: