Appweb 3.1.x / 3.2.x / 3.3.x < 3.3.3 mprUrlEncode Function Heap Overflow Vulnerability

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.

Synopsis :

The remote web server may be affected by a buffer overflow vulnerability.

Description :

According to its banner, the version of Appweb installed on the
remote host is 3.1.x, 3.2.x or 3.3.x earlier than 3.3.3. It is,
therefore, potentially affected by a heap-based buffer overflow
vulnerability caused by a casting error in the function 'mprUrlEncode'
in the file 'src/mpr/mprLib.c'.

Note that Nessus did not actually test for this issue, but instead
has relied on the version in the server's banner.

Further note that this issue reportedly only affects Appweb when
running on Microsoft Windows operating systems.

See also :

Solution :

Upgrade to Appweb version 3.3.3 or later.

Risk factor :

Medium / CVSS Base Score : 6.8

Family: Web Servers

Nessus Plugin ID: 61396 ()

Bugtraq ID:


Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial