Alibaba Web Server 2.0 HTTP Request Overflow DoS

high Nessus Plugin ID 10012

Synopsis

The remote web server seems to be vulnerable to a buffer overflow.

Description

It is possible to make the remote web server execute arbitrary commands by sending the following request:

POST AA[...]AA/ HTTP/1.0

This problem may allow an attacker to execute arbitrary code on the remote system or create a denial of service (DoS) attack.

Solution

At the time of this writing, no solution was available. Check with your vendor for a possible patch, or consider changing your web server.

Plugin Details

Severity: High

ID: 10012

File Name: alibaba_overflow.nasl

Version: 1.40

Type: remote

Family: Web Servers

Published: 10/29/1999

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Excluded KB Items: www/too_long_url_crash

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/18/2000

Reference Information

CVE: CVE-2000-0626

BID: 1482