ePolicy Orchestrator HTTP GET Request Remote Format String

critical Nessus Plugin ID 11409

Language:

Synopsis

The remote web server is vulnerable to a format string attack.

Description

If the remote web server is ePolicy Orchestrator, an attacker may use this flaw to execute code with the SYSTEM privileges on this host.

Solution

Upgrade to the latest version of this software.

See Also

http://www.nessus.org/u?0cc673e1

Plugin Details

Severity: Critical

ID: 11409

File Name: epolicy_orchestrator_format_string.nasl

Version: 1.22

Type: remote

Family: Web Servers

Published: 3/17/2003

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mcafee:epolicy_orchestrator

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/17/2003

Reference Information

CVE: CVE-2002-0690

BID: 7111

SECUNIA: 8311