Appweb 3.1.x / 3.2.x / 3.3.x < 3.3.3 mprUrlEncode Function Heap Overflow Vulnerability

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.

Synopsis :

The remote web server may be affected by a buffer overflow vulnerability.

Description :

According to its banner, the version of Appweb installed on the
remote host is 3.1.x, 3.2.x or 3.3.x earlier than 3.3.3. It is,
therefore, potentially affected by a heap-based buffer overflow
vulnerability caused by a casting error in the function 'mprUrlEncode'
in the file 'src/mpr/mprLib.c'.

Note that Nessus did not actually test for this issue, but instead
has relied on the version in the server's banner.

Further note that this issue reportedly only affects Appweb when
running on Microsoft Windows operating systems.

See also :

Solution :

Upgrade to Appweb version 3.3.3 or later.

Risk factor :

Medium / CVSS Base Score : 6.8

Family: Web Servers

Nessus Plugin ID: 61396 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now