Family: Gain a shell remotely --> Category: mixed
BadBlue MFCISAPICommand Remote Buffer Overflow Vulnerability Scan
Vulnerability Scan Summary
Detects MFCISAPICommand remote buffer overflow vulnerability in BadBlue
Detailed Explanation for this Vulnerability Test
The remote web server is prone to buffer overflow attacks.
The remote host is running a version of the BadBlue HTTP server that has a
buffer overflow vulnerability in 'Ext.Dll', a module that handles HTTP
requests. An unauthenticated remote attacker can exploit this
vulnerability by sending an HTTP request containing an
'mfcisapicommand' parameter with more than 250 characters to crash the web
server and possibly execute code remotely with Administrator rights.
Solution :
Upgrade to BadBlue 2.60.0 or later.
Critical / CVSS Base Score : 10