HTTP Header Name Remote Format String

critical Nessus Plugin ID 15641

Language:

Synopsis

The remote web server is prone to a remote format string attack.

Description

The remote web server seems to be vulnerable to a remote format string attack based on the way it responds to a request containing a header whose name includes a format string. An anonymous attacker may be able to leverage this flaw to make the affected service crash or to execute arbitrary code on this host.

Solution

Upgrade the software or contact the vendor and inform them of this vulnerability.

Plugin Details

Severity: Critical

ID: 15641

File Name: http_header_name_format_string.nasl

Version: Revision: 1.16

Type: remote

Family: Web Servers

Published: 11/6/2004

Updated: 5/26/2014

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Detections

Analytics