Detections
Analytics

BadBlue ext.dll mfcisapicommand Parameter Remote Overflow

critical Nessus Plugin ID 17241

Language:

Synopsis

The remote web server is prone to buffer overflow attacks.

Description

The remote host is running a version of BadBlue HTTP server that has a buffer overflow vulnerability in 'ext.dll', a module that handles HTTP requests. An unauthenticated, remote attacker can leverage this vulnerability by sending an HTTP request containing a 'mfcisapicommand' parameter with more than 250 chars to kill the web server and possibly execute code remotely with Administrator rights.

Solution

Upgrade to BadBlue 2.60.0 or later.

See Also

https://seclists.org/fulldisclosure/2005/Feb/671

Plugin Details

Severity: Critical

ID: 17241

File Name: badblue_extdll.dos.nasl

Version: 1.22

Type: remote

Family: Web Servers

Published: 3/1/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/26/2007

Vulnerability Publication Date: 2/25/2005

Exploitable With

Metasploit (BadBlue 2.5 EXT.dll Buffer Overflow)

Reference Information

CVE: CVE-2005-0595

BID: 12673