HTTP Header Value Remote Format String

critical Nessus Plugin ID 15642

Synopsis

The remote web server is prone to a remote format string attack.

Description

The remote web server appears to be vulnerable to a remote format string attack, based on how it responds to a request containing a header whose value includes a format string. An anonymous attacker may be able to leverage this flaw to crash the affected service or to execute arbitrary code on this host.

Solution

Upgrade the software or contact the vendor and inform them of this vulnerability.

Plugin Details

Severity: Critical

ID: 15642

File Name: http_header_value_format_string.nasl

Version: 1.21

Type: remote

Family: Web Servers

Published: 11/6/2004

Updated: 10/21/2015

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport