Sun AnswerBook2 Web Server dwhttpd GET Request Remote Format String

critical Nessus Plugin ID 11075

Synopsis

It is possible to execute code on the remote host.

Description

The remote web server is vulnerable to a format string attack.

An attacker may exploit this vulnerability to cause the web server to crash continually or even execute arbitrary code on the system.

Solution

Upgrade your software or protect it with a filtering reverse proxy.

Plugin Details

Severity: Critical

ID: 11075

File Name: dwhttp_format_string.nasl

Version: 1.32

Type: remote

Family: Web Servers

Published: 8/14/2002

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 5384

Detections

Analytics