Monkey HTTP Daemon (monkeyd) PostMethod() Function Remote Overflow

high Nessus Plugin ID 11544

Synopsis

Arbitrary code can be run on the remote web server.

Description

The version of the Monkey web server that you are running is vulnerable to a buffer overflow when it receives a POST request with too much data.
This makes it possible to crash the web server or execute arbitrary code on it.

Solution

Upgrade to Monkey server 0.6.2.

Plugin Details

Severity: High

ID: 11544

File Name: monkeyweb_too_big_post.nasl

Version: 1.19

Type: remote

Family: Web Servers

Published: 4/22/2003

Updated: 7/14/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 4/23/2003

Reference Information

CVE: CVE-2003-0218

BID: 7202