HTTP Header Value Remote Format String

Critical Nessus Plugin ID 15642


The remote web server is prone to a remote format string attack.


The remote web server seems to be vulnerable to a remote format string
attack based on the way it responds to a request containing a header
whose value includes a format string. An anonymous attacker may be
able to leverage this flaw to make the affected service crash or to
execute arbitrary code on this host.


Upgrade the software or contact the vendor and inform them of this

Plugin Details

Severity: Critical

ID: 15642

File Name: http_header_value_format_string.nasl

Version: Revision: 1.21

Type: remote

Family: Web Servers

Published: 2004/11/06

Modified: 2015/10/21

Dependencies: 10107

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C