CERN httpd CGI Name Handling Remote Overflow

This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.

Synopsis :

The remote web server may be affected by a buffer overflow

Description :

The remote web server stopped responding after sending it a GET
request for a CGI script with a arbitrary long file name. This is
known to trigger a heap overflow in some servers like CERN HTTPD. An
attacker may use this flaw to disrupt the remote service and possibly
even run malicious code on the affected host subject to the privileges
under which the service operates.

Solution :

Contact the vendor for a patch or move to another server.

Risk factor :

High / CVSS Base Score : 7.5

Family: Web Servers

Nessus Plugin ID: 17231 (cern_httpd_cginame_overflow.nasl)

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now