CGI Generic Format String

high Nessus Plugin ID 42055

Synopsis

Arbitrary code may be run on the remote server.

Description

The remote web server hosts CGI scripts that fail to adequately sanitize request strings. They seem to be vulnerable to a 'format string' attack. By leveraging this issue, an attacker may be able to execute arbitrary code on the remote host subject to the privileges under which the web server operates.

Please inspect the results as this script is prone to false positives.
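
The bug class described above, as an added C example that is not part of the Nessus plugin or of any scanned application: a constant format string keeps request data from being interpreted, and a helper counts printf-style directives in a decoded parameter for logging or code review. The function names and the sample value are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (comment only, never compiled):
 *     snprintf(out, outlen, param);    request string used as the format
 * Any '%' directive in the request is then interpreted by the formatter. */

/* Hardened form: constant format, request string passed as data.
 * param is assumed to be the URL-decoded parameter value.
 * Returns bytes written, or -1 if the output would not fit. */
int render_greeting(char *out, size_t outlen, const char *param)
{
    int n = snprintf(out, outlen, "Hello, %s\n", param);
    return (n >= 0 && (size_t)n < outlen) ? n : -1;
}

/* Count printf-style conversion directives in a decoded request string,
 * for logging or code review. "%%" is a literal percent, not counted. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        const char *p = s + 1;
        while (*p && strchr("-+ #0123456789.*$hlLjzt", *p))
            p++;                       /* flags, width, precision, length */
        if (*p && strchr("diouxXeEfFgGaAcspn", *p)) {
            count++;
            s = p;                     /* resume after the conversion char */
        }
    }
    return count;
}

int main(void)
{
    const char *sample = "%08x.%s";    /* constructed sample value */
    char body[64];
    if (render_greeting(body, sizeof body, sample) < 0)
        return 1;
    printf("directives=%d body=%s", count_format_directives(sample), body);
    return 0;
}
```

With the constant format, the sample value is echoed back byte for byte, which is the behaviour to look for when checking whether a reported script is a false positive.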

Solution

Restrict access to the vulnerable application or scripts, and contact the vendor for a patch or upgrade.

See Also

https://en.wikipedia.org/wiki/Format_string_attack

http://projects.webappsec.org/w/page/13246926/Format%20String

Plugin Details

Severity: High

ID: 42055

File Name: torture_cgi_format_string.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 10/7/2009

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport, Settings/enable_web_app_tests