mod_ntlm for Apache Multiple Remote Vulnerabilities

High Nessus Plugin ID 11552


The remote web server module has multiple vulnerabilities.


The remote host seems to be running mod_ntlm, a NTLM authentication module for Apache. This version of mod_ntlm has a buffer overflow and a format string vulnerability. A remote attacker could exploit these issues to execute arbitrary code.


Apply the vendor patch.

See Also

Plugin Details

Severity: High

ID: 11552

File Name: mod_ntlm.nasl

Version: $Revision: 1.22 $

Type: remote

Family: Web Servers

Published: 2003/04/26

Modified: 2016/10/27

Dependencies: 10107, 67257, 17975

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:ND

Vulnerability Information

Required KB Items: www/apache, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Reference Information

BID: 7388, 7393

OSVDB: 55813, 55814