Web Server HTTP OPTIONS Method URL Handling Remote Overflow

high Nessus Plugin ID 11235

Synopsis

Arbitrary code may be run on the remote web server.

Description

It may be possible to crash the web server, or even execute arbitrary code on it, by sending it an overly long URL through the OPTIONS method.

Solution

Upgrade your web server.

Plugin Details

Severity: High

ID: 11235

File Name: www_too_long_options.nasl

Version: 1.17

Type: remote

Family: Web Servers

Published: 2/17/2003

Updated: 5/27/2014

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport