HTTP Header Name Remote Format String

Critical Nessus Plugin ID 15641


The remote web server is prone to a remote format string attack.


The remote web server seems to be vulnerable to a remote format string attack based on the way it responds to a request containing a header whose name includes a format string. An anonymous attacker may be able to leverage this flaw to make the affected service crash or to execute arbitrary code on this host.


Upgrade the software or contact the vendor and inform them of this vulnerability.
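The flaw class described above, as an added example (not the plugin's code or any vendor's): a hypothetical server routine that writes a request header into a log line, with the header name passed only as an argument to a constant format string. The function names and the sample header are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* RFC 7230 "token" check for a header field name. '%' is a legal token
   character, so grammar validation alone does not keep conversion
   specifiers out of header names. */
int is_http_token(const char *name)
{
    static const char extra[] = "!#$%&'*+-.^_`|~";
    if (*name == '\0')
        return 0;
    for (; *name; name++) {
        unsigned char c = (unsigned char)*name;
        if (!isalnum(c) && strchr(extra, c) == NULL)
            return 0;
    }
    return 1;
}

/* Count '%' characters that start a conversion ("%%" is a literal percent).
   Useful as a logging or alerting signal, not as the fix. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') s++; else n++;
    }
    return n;
}

/* Hardened form: the format is a constant and the header fields are only
   ever arguments. The vulnerable form it replaces would be
   snprintf(out, outlen, name), where the header name becomes the format.
   Returns 0 on success, -1 on error or truncation. */
int format_header_log(char *out, size_t outlen, const char *name, const char *value)
{
    int n = snprintf(out, outlen, "header %s: %s", name, value);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    const char *name = "X-Probe-%s%x";   /* constructed sample header name */
    char line[128];
    if (format_header_log(line, sizeof line, name, "1") == 0)
        printf("%s (token=%d, conversions=%d)\n", line,
               is_http_token(name), count_conversions(name));
    return 0;
}
```

Building server code with `-Wformat -Wformat-security` (GCC and Clang) flags calls where a non-literal string is passed as the format.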

Plugin Details

Severity: Critical

ID: 15641

File Name: http_header_name_format_string.nasl

Version: $Revision: 1.16 $

Type: remote

Family: Web Servers

Published: 2004/11/06

Modified: 2014/05/26

Dependencies: 10107

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport