CERN httpd CGI Name Handling Remote Overflow

high Nessus Plugin ID 17231

Synopsis

The remote web server may be affected by a buffer overflow vulnerability.

Description

The remote web server stopped responding after it was sent a GET request for a CGI script with an arbitrarily long file name. This is known to trigger a heap overflow in some servers, such as CERN HTTPD. An attacker may use this flaw to disrupt the remote service and possibly even run malicious code on the affected host, subject to the privileges under which the service operates.

Solution

Contact the vendor for a patch or move to another server.

Plugin Details

Severity: High

ID: 17231

File Name: cern_httpd_cginame_overflow.nasl

Version: 1.22

Type: remote

Family: Web Servers

Published: 2/28/2005

Updated: 8/9/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning