Dwarf HTTP Server < 1.3.3 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 3478

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running the Dwarf HTTP Server. This version of Dwarf is vulnerable to multiple input flaws due to a lack of data validation. An attacker exploiting these flaws will be able to impact confidentiality and integrity on the remote server.

Solution

Upgrade to version 1.3.3 or higher.

See Also

http://www.gnome.sk/Dwarf/dwarf_try&amp;buy.html

Plugin Details

Severity: High

ID: 3478

File Name: 3478.prm

Family: Web Servers

Published: 2006/03/16

Modified: 2016/02/05

Dependencies: 1442

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.8

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:C

CVSSv3

Base Score: 7.5

Temporal Score: 7.3

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS3#E:F/RL:U/RC:C

Reference Information

CVE: CVE-2006-0819, CVE-2006-0820

BID: 17123

OSVDB: 23836, 23837