Web Server Long URL Handling Remote Overflow DoS

high Nessus Plugin ID 10320

Synopsis

The remote web server may be affected by a buffer overflow vulnerability.

Description

The remote web server crashes when it receives a too long URL. It might be possible to make it execute arbitrary code through this flaw.

Solution

Contact the web server's author / vendor for a patch.

Plugin Details

Severity: High

ID: 10320

File Name: www_too_long_url.nasl

Version: 1.75

Type: remote

Family: Web Servers

Published: 6/22/1999

Updated: 8/7/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

CANVAS (CANVAS)

Metasploit (UltraVNC 1.0.1 Client Buffer Overflow)

Reference Information

CVE: CVE-2000-0002, CVE-2000-0065, CVE-2000-0571, CVE-2000-0641, CVE-2001-0820, CVE-2001-0836, CVE-2001-1250, CVE-2002-0123, CVE-2002-1003, CVE-2002-1011, CVE-2002-1012, CVE-2002-1120, CVE-2002-1166, CVE-2002-1212, CVE-2002-1905, CVE-2002-2149, CVE-2003-0125, CVE-2003-0833, CVE-2004-2299, CVE-2005-1173, CVE-2006-1652

BID: 889, 1423, 2979, 6994, 7067, 7280, 8726, 17378

Detections

Analytics