Dwarf HTTP Server < 1.3.3 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 3478

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running the Dwarf HTTP Server. This version of Dwarf is vulnerable to multiple input flaws due to a lack of data validation. An attacker exploiting these flaws will be able to impact confidentiality and integrity on the remote server.

Solution

Upgrade to version 1.3.3 or higher.

See Also

http://www.gnome.sk/Dwarf/dwarf_try&buy.html

Plugin Details

Severity: High

ID: 3478

Family: Web Servers

Published: 3/16/2006

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:gnome:dwarf_http_server

Reference Information

CVE: CVE-2006-0819, CVE-2006-0820

BID: 17123