CERN httpd CGI Name Handling Remote Overflow
High Nessus Plugin ID 17231
Synopsis
The remote web server may be affected by a buffer overflow vulnerability.
Description
The remote web server stopped responding after it was sent a GET request for a CGI script with an arbitrarily long file name. This is known to trigger a heap overflow in some servers, such as CERN HTTPD. An attacker may use this flaw to disrupt the remote service and possibly even run malicious code on the affected host, subject to the privileges under which the service operates.
Solution
Contact the vendor for a patch or move to another server.