dwhttpd < 4.2 GET Request Remote Format String (deprecated)

High Nessus Network Monitor Plugin ID 1506

Synopsis

The remote dwhttpd server is vulnerable to a format string attack.

Description

The remote dwhttpd server is vulnerable to a format string attack. An attacker may use this flaw to execute arbitrary code on this host, with the privileges of the dwhttpd web server

Solution

Upgrade to version 4.2 or higher.

Plugin Details

Severity: High

ID: 1506

Family: Web Servers

Published: 2004/08/18

Modified: 2015/06/01

Dependencies: 1442

Nessus ID: 11075

Risk Information

Risk Factor: High

0
0
0

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Reference Information

BID: 5384