Apache mod_auth_kerb <= 5.20 Buffer Overflow

Low Nessus Network Monitor Plugin ID 3816


The remote host is vulnerable to a buffer overflow.


The remote host is running the Apache mod_auth_kerb Kerberos authentication module. This version of mod_auth_kerb is reported to be vulnerable to a remote buffer overflow. The details of the attack are not yet known, however, it is alleged that an attacker would be able to crash the system or execute arbitrary code. In order to exploit this flaw, an attacker would only need to send a malformed Kerberos authentication request.


Upgrade to a version higher than 5.20.

See Also


Plugin Details

Severity: Low

ID: 3816

Family: Web Servers

Published: 2006/11/22

Modified: 2016/02/05

Dependencies: 3057

Nessus ID: 25225, 23788, 23797, 24063

Risk Information

Risk Factor: Low


Base Score: 3.3

Temporal Score: 2.4

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:ND


Base Score: 4.2

Temporal Score: 3.6


Temporal Vector: CVSS3#E:U/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:apache:http_server

Reference Information

CVE: CVE-2006-5989

BID: 21214