Detections
Analytics
ProZilla < 1.3.7.4 Location Header Format String
medium Nessus Network Monitor Plugin ID 2644
Synopsis
The remote client is vulnerable to a remote overflow.Description
The remote host is using Prozilla, a download accelerator for Linux and Unix systems. The remote version of this software contains a flaw in the way that it handles server HTTP headers. Specifically, Prozilla does not properly handle format strings, which would allow the remote attacker to execute arbitrary code on the client (Prozilla) machine. An attacker exploiting this flaw would need to be able to convince a user to browse a malicious website. In addition, the remote host is reported vulnerable to a remote buffer overflow. The details of this overflow have not been made public at this time.Solution
Upgrade to version 1.3.7.4 or higher.Plugin Details
Severity: Medium
ID: 2644
Family: Web Clients
Published: 2/24/2005
Updated: 3/6/2019
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v2
Risk Factor: Medium
Base Score: 5.4
Temporal Score: 4.5
Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N
CVSS v3
Risk Factor: Medium
Base Score: 5.9
Temporal Score: 5.5
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X
Vulnerability Information
CPE: cpe:/a:prozilla:prozilla_download_accelerator
Reference Information
CVE: CVE-2005-0523, CVE-2005-2961