Sun AnswerBook2 Web Server dwhttpd GET Request Remote Format String

critical Nessus Plugin ID 11075


It is possible to execute code on the remote host.


The remote web server is vulnerable to a format string attack.

An attacker may exploit this vulnerability to cause the web server to crash continually or even execute arbitrary code on the system.


Upgrade your software or protect it with a filtering reverse proxy.

Plugin Details

Severity: Critical

ID: 11075

File Name: dwhttp_format_string.nasl

Version: 1.32

Type: remote

Family: Web Servers

Published: 8/14/2002

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information


Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 5384