Alibaba Web Server 2.0 HTTP Request Overflow DoS

High Nessus Plugin ID 10012


The remote web server seems to be vulnerable to a buffer overflow.


It is possible to make the remote web server execute arbitrary commands by sending the following request:

POST AA[...]AA/ HTTP/1.0

This problem may allow an attacker to execute arbitrary code on the remote system or create a denial of service (DoS) attack.


At the time of this writing, no solution was available. Check with your vendor for a possible patch, or consider changing your web server.

Plugin Details

Severity: High

ID: 10012

File Name: alibaba_overflow.nasl

Version: $Revision: 1.39 $

Type: remote

Family: Web Servers

Published: 1999/10/29

Modified: 2011/03/14

Dependencies: 10320, 10107

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

Excluded KB Items: www/too_long_url_crash

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2000/07/18

Reference Information

CVE: CVE-2000-0626

BID: 1482