Spiceworks HTTP Response Accept Header Handling Overflow DoS

Nessus Plugin ID 40552 (severity: Critical)

Synopsis

The remote host has an application that is affected by a buffer overflow vulnerability.

Description

The remote host is running Spiceworks IT Desktop, an application used to inventory, monitor, manage and report on software and hardware assets in small and medium-sized businesses.

The installed version of Spiceworks is earlier than 4.0. Such versions are reportedly affected by a buffer overflow that can be triggered by sending an overly long 'Accept' request header. At minimum, triggering the overflow can crash the Spiceworks service (the denial of service referred to in the plugin title); an anonymous remote attacker may also be able to leverage this issue to execute arbitrary code on the remote host, subject to the privileges under which the application runs.
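The following is an added example, not Tenable's plugin code and not part of this advisory. It shows the two checks a practitioner would want around this issue: deciding whether a detected Spiceworks version string falls in the affected range (earlier than 4.0, compared numerically rather than as strings), and flagging inbound HTTP requests whose Accept header is abnormally long so a reverse proxy or WAF rule can drop them in front of a host that is not yet upgraded. The function names, the sample requests, and the 1024-byte threshold are assumptions; the advisory gives no exact trigger length.

```python
"""Added example (not Tenable's plugin code): version-range check for
Spiceworks < 4.0 and a detector for oversized Accept request headers,
the trigger this advisory describes. All sample inputs are constructed."""
import re

FIXED_VERSION = (4, 0)
# Threshold for an "overly long" Accept header is an assumption: the
# advisory states no exact length. Real browsers send well under 512 bytes.
MAX_ACCEPT_LEN = 1024


def parse_version(text):
    """Turn '3.6.00051' into (3, 6, 51); stop at the first non-numeric
    token. Raises ValueError if no numeric component is present."""
    parts = []
    for token in re.split(r"[.\-_]", text.strip()):
        m = re.match(r"\d+", token)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError("no numeric version in %r" % text)
    return tuple(parts)


def is_affected(version_text):
    """True when the version is earlier than 4.0. Tuple comparison is
    used so that '3.10' sorts after '3.9' and before '4.0', which a
    plain string comparison would get wrong."""
    return parse_version(version_text) < FIXED_VERSION


def parse_headers(raw_request):
    """Split a raw HTTP/1.x request into (request_line, {name: value}).
    Header names are lower-cased; repeated headers are joined with ', '
    so a split Accept header still counts against the limit as a whole."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    request_line, headers = lines[0], {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        headers[name] = headers[name] + ", " + value if name in headers else value
    return request_line, headers


def oversized_accept(raw_request, limit=MAX_ACCEPT_LEN):
    """Return the Accept header length if it exceeds `limit`, else 0.
    Intended as the decision logic for a proxy/WAF rule in front of an
    unpatched Spiceworks host."""
    _, headers = parse_headers(raw_request)
    accept = headers.get("accept", "")
    return len(accept) if len(accept) > limit else 0


# Constructed samples: a normal request and one carrying a 4096-byte Accept.
NORMAL_REQUEST = (
    "GET / HTTP/1.1\r\nHost: spiceworks.example\r\n"
    "Accept: text/html,application/xhtml+xml\r\n\r\n"
)
LONG_REQUEST = (
    "GET / HTTP/1.1\r\nHost: spiceworks.example\r\n"
    "Accept: " + "A" * 4096 + "\r\n\r\n"
)

if __name__ == "__main__":
    for v in ("3.6.00051", "3.10", "4.0", "4.1.00120"):
        print(v, "affected" if is_affected(v) else "fixed")
    print("normal request, oversized Accept:", oversized_accept(NORMAL_REQUEST))
    print("long request, oversized Accept:", oversized_accept(LONG_REQUEST))
```

The header parser folds repeated Accept lines together before measuring, because a request that splits one long value across several `Accept:` lines would otherwise slip under a per-line limit. Upgrading to 4.0 remains the fix; the header check only reduces exposure while the upgrade is scheduled.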

Solution

Upgrade to Spiceworks 4.0 or later.

See Also

https://twitter.com/Spiceworks/status/3183604568

Plugin Details

Severity: Critical

ID: 40552

File Name: spiceworks_4_0.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 8/11/2009

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/16/2009

Vulnerability Publication Date: 8/7/2009

Reference Information

BID: 43246