BrowseGate HTTP MIME Headers Remote Overflow

high Nessus Plugin ID 11130

Synopsis

It may be possible to execute arbitrary code on the remote web server.

Description

It is possible to kill the remote server by sending it an invalid request with too long HTTP headers (Authorization and Referer).

BrowseGate proxy is known to be vulnerable to this flaw.

An attacker could exploit this vulnerability to cause the web server to crash continually or to execute arbitrary code on the system.

Solution

Upgrade your software or protect it with a filtering reverse proxy

Plugin Details

Severity: High

ID: 11130

File Name: browsegate_http_overflows.nasl

Version: 1.29

Type: remote

Family: Web Servers

Published: 9/21/2002

Updated: 8/5/2020

Configuration: Enable paranoid mode

Risk Information

VPR

Risk Factor: Medium

Score: 4.5

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

CVSS Score Source: CVE-2000-0908

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/18/2000

Reference Information

CVE: CVE-2000-0908

BID: 1702