N-Stealth Security Scanner Server Header Arbitrary Script Injection

2005-09-01T23:36:50
ID OSVDB:19153
Type osvdb
Reporter OSVDB
Modified 2005-09-01T23:36:50

Description

Technical Description

Due to the nature of the software, it is counterproductive to sanitize or limit the input collected in any fashion. Further, this vulnerability could only be exploited if an attacker knows that a system will be scanned with N-Stealth Security Scanner and has the ability to modify server headers such as "Server:".

References:

Vendor URL: http://www.nstalker.com/eng/products/nstealth/
Secunia Advisory ID: 16684
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0025.html
CVE-2005-2861
Bugtraq ID: 14717