Family: Gain a shell remotely --> Category: mixed
BadBlue MFCISAPICommand Remote Buffer Overflow Vulnerability Scan
Vulnerability Scan Summary :
Detects the MFCISAPICommand remote buffer overflow vulnerability in BadBlue.
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is prone to buffer overflow attacks.
Description :
The remote host is running a version of the BadBlue HTTP server that has a
buffer overflow vulnerability in 'Ext.Dll', a module that handles HTTP
requests. An unauthenticated remote attacker can leverage this
vulnerability by sending an HTTP request containing a
'mfcisapicommand' parameter with more than 250 characters to kill the web
server and possibly execute code remotely with Administrator rights.
See also :
http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0599.html
Solution :
Upgrade to BadBlue 2.60.0 or later.
Threat Level:
Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)