Detections
Analytics

Apache < 2.0.44 DOS Device Name Multiple Remote Vulnerabilities (Code Exec, DoS)

high Nessus Plugin ID 11209

Language:

Synopsis

The remote web server is affected by multiple remote vulnerabilities.

Description

The remote host appears to be running a version of Apache for Windows that is older than 2.0.44.

There are several flaws in this version that allow an attacker to crash this host or even execute arbitrary code remotely, but it only affects WindowsME and Windows9x.

*** Note that Nessus solely relied on the version number
*** of the remote server to issue this warning. This might
*** be a false positive.

Solution

Upgrade to Apache 2.0.44 or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg1IC48645

Plugin Details

Severity: High

ID: 11209

File Name: apache_win32_devname.nasl

Version: 1.24

Type: remote

Family: Web Servers

Published: 1/22/2003

Updated: 6/29/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:http_server

Required KB Items: installed_sw/Apache

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/20/2003

Reference Information

CVE: CVE-2003-0016

BID: 6659

Secunia: 20493