thttpd < 2.05 If-Modified-Since Header Overflow

Nessus Network Monitor Plugin ID 1522 (Critical)

Synopsis

The remote web server contains a buffer overflow in the code that processes the value of the 'If-Modified-Since' header.

Description

The remote web server contains a buffer overflow in the code that processes the value of the 'If-Modified-Since' header. By supplying a malformed value for this header, an attacker may be able to execute arbitrary code on this host with the privileges of the web server.

Solution

Upgrade to thttpd 2.05 or higher.

Plugin Details

Severity: Critical

ID: 1522

Family: Web Servers

Published: 8/18/2004

Updated: 3/6/2019

Nessus ID: 10285

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:acme:thttpd

Reference Information

CVE: CVE-2000-0359

BID: 1248