Web Server HTTP Cookie Header Remote Overflow

Nessus Plugin ID 11077 (severity: High)

Synopsis

The remote host is running a web server with a remote buffer overflow vulnerability.

Description

It was possible to kill the web server by sending an invalid request with a long cookie name or value.

An attacker may exploit this vulnerability to crash the web server repeatedly or even to execute arbitrary code.

This is known to affect early versions of Apache and may also affect additional web servers.

Solution

Upgrade your software or protect it with a filtering reverse proxy.

See Also

https://seclists.org/bugtraq/1997/Jan/44

Plugin Details

Severity: High

ID: 11077

File Name: www_too_long_cookie.nasl

Version: 1.33

Type: remote

Family: Web Servers

Published: 8/14/2002

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Vulnerability Publication Date: 9/1/1997

Reference Information

CVE: CVE-1999-0071