Format string on URI

Published: 2005-11-03 13:08:04

CVSS Base Vector:

The remote web server seems to be vulnerable to a format string attack on the URI. An attacker might use this flaw to make it crash or even execute arbitrary code on this host.

Detection Method:
Send a crafted request via HTTP GET and check whether the server is vulnerable to a format string attack.

Technical Details:
The flaw exists because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

Successful exploitation will allow remote attackers to execute code, read the stack, or cause a segmentation fault in the running application, causing new behaviors that could compromise the security or the stability of the system.
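The flaw class described above, shown as an added example that is not the plugin's or any vendor's code: the hardened logging call with the vulnerable form kept only as a comment, plus a log-review heuristic that flags printf-style directives in a request URI. The function names, the 1024-byte buffer and the sample URI are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable pattern from the Technical Details (shown only as a comment):
 *     snprintf(out, n, uri);   request data becomes the format argument
 * Hardened form: the format is a constant and the URI is passed as data. */
int log_uri_safe(char *out, size_t n, const char *uri)
{
    return snprintf(out, n, "GET %s", uri);
}

/* Heuristic for access-log review: count printf-style conversion directives
 * in a URI after one round of percent-decoding, so "%25n" is seen as "%n".
 * "%%" and ordinary escapes such as "%20" are not counted. */
int count_format_directives(const char *uri)
{
    char dec[1024];
    size_t len = 0, i, j;
    int hits = 0;
    for (i = 0; uri[i] != '\0' && len < sizeof dec; i++) {
        if (uri[i] == '%' && isxdigit((unsigned char)uri[i + 1]) &&
            isxdigit((unsigned char)uri[i + 2])) {
            char hex[3] = { uri[i + 1], uri[i + 2], '\0' };
            dec[len++] = (char)strtol(hex, NULL, 16);
            i += 2;
        } else {
            dec[len++] = uri[i];
        }
    }
    for (i = 0; i + 1 < len; i++) {
        if (dec[i] != '%') continue;
        if (dec[i + 1] == '%') { i++; continue; }   /* literal percent */
        j = i + 1;                                  /* skip flags, width, length */
        while (j < len && dec[j] != '\0' && strchr("-+ #0123456789.$*hlLjzt", dec[j]))
            j++;
        if (j < len && dec[j] != '\0' && strchr("diouxXeEfgGaAcspn", dec[j]))
            hits++;
    }
    return hits;
}

int main(void)
{
    printf("%d\n", count_format_directives("/%25x%25n"));  /* constructed sample */
    return 0;
}
```

The counter is a triage aid for logs and can misfire on legitimate text containing a percent sign; the actual fix is the constant format string in `log_uri_safe`.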

Upgrade your software, or contact your vendor and inform them of this vulnerability.

Detection Type:
Remote Banner Unreliable

Solution Type:
Vendor Patch


CVSS Score
