Netscape Enterprise Server Basic Authentication Buffer Overflow RCE (EGGBASKET/XP_NS-HTTPD)
Critical Nessus Plugin ID 100511
SynopsisA web application running on the remote host is affected by a remote code execution vulnerability.
DescriptionAccording to its banner, the Netscape Enterprise Server running on the remote host is either version 3.6 or 3.6 SP1. It is, therefore, affected by a buffer overflow condition in the HTTP Basic Authentication module of the server. An unauthenticated, remote attacker can exploit this to execute arbitrary code with elevated privileges.
EGGBASKET is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/08 by a group known as the Shadow Brokers.
Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.
SolutionContact the vendor for a patch.