| Field | Value |
|---|---|
| VID | 22357 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | According to its banner, the 4D WebSTAR Web server has a buffer overflow vulnerability in its Tomcat plug-in. 4D WebSTAR Server is a software product that provides Web, FTP, and Mail services for Mac OS X. 4D WebSTAR V version 5.4 and earlier versions running on Mac OS X are vulnerable to a remote buffer overflow in the Tomcat plug-in. By sending a specially crafted HTTP request with an overly long URL, a remote attacker could overflow a buffer and execute arbitrary code on the affected host, or crash the service. The Tomcat plug-in is enabled by default. |
| Note | This check relies solely on the banner of the remote HTTP server to assess this vulnerability, so the result might be a false positive. |
| References | http://archives.neohapsis.com/archives/bugtraq/2005-05/0086.html ; http://www.osvdb.org/displayvuln.php?osvdb_id=16154 ; http://secunia.com/advisories/15278 |
| Platforms Affected | 4D WebSTAR V version 5.4 and earlier versions; Apple Mac OS X, any version |
| Recommendation | Apply the appropriate fix, available from the WebSTAR Download Web site at http://www.4d.com/products/downloads_4dws.html |
| Related URL | CVE-2005-1507 (CVE) |
| Related URL | 13538 (SecurityFocus) |
| Related URL | 20478 (ISS) |