HTTP Method Remote Format String

critical Nessus Plugin ID 11801

Language:

Synopsis

It is possible to execute code on the remote host through the web server.

Description

The remote web server seems to be vulnerable to a format string attack on the method name. An attacker might use this flaw to make it crash or even execute arbitrary code on this host.

Solution

Upgrade your software or contact your vendor and inform him of this vulnerability.

Plugin Details

Severity: Critical

ID: 11801

File Name: http_method_format_string.nasl

Version: Revision: 1.19

Type: remote

Family: Web Servers

Published: 7/23/2003

Updated: 5/26/2014

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Detections

Analytics