Web Server HTTP Basic Authorization Header Remote Overflow DoS

high Nessus Plugin ID 12201

Synopsis

The remote host is running a web server with a remote buffer overflow vulnerability.

Description

It was possible to kill the web server by sending a request with a long basic authentication field.

A remote attacker may exploit this vulnerability to make the web server crash continually or even execute arbitrary code.

Solution

Upgrade to the latest version of the web server, or protect it with a filtering reverse proxy.

Plugin Details

Severity: High

ID: 12201

File Name: www_too_long_auth_DoS.nasl

Version: Revision: 1.17

Type: remote

Family: Web Servers

Published: 4/11/2004

Updated: 5/27/2014

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport