Web Server Long URL Handling Remote Overflow DoS

Nessus Plugin ID 10320 (Severity: High)

Synopsis

The remote web server may be affected by a buffer overflow vulnerability.

Description

The remote web server crashes when it receives an overly long URL. It might be possible to make it execute arbitrary code through this flaw.

Solution

Contact the web server's author / vendor for a patch.

Plugin Details

Severity: High

ID: 10320

File Name: www_too_long_url.nasl

Version: 1.75

Type: remote

Family: Web Servers

Published: 1999/06/22

Updated: 2018/08/07

Dependencies: 18366, 10107

Configuration: Enable paranoid mode

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

CANVAS (CANVAS)

Metasploit (UltraVNC 1.0.1 Client Buffer Overflow)

Reference Information

CVE: CVE-2000-0002, CVE-2000-0065, CVE-2000-0571, CVE-2000-0641, CVE-2001-0820, CVE-2001-0836, CVE-2001-1250, CVE-2002-0123, CVE-2002-1003, CVE-2002-1011, CVE-2002-1012, CVE-2002-1120, CVE-2002-1166, CVE-2002-1212, CVE-2002-1905, CVE-2002-2149, CVE-2003-0125, CVE-2003-0833, CVE-2004-2299, CVE-2005-1173, CVE-2006-1652

BID: 889, 1423, 2979, 6994, 7067, 7280, 8726, 17378