My NESSUS scan reports that there are vulnerabilities on my host, such as:
> Vulnerabilities by Plugin
> **11801 (1) - HTTP Method Remote Format String**
> **Synopsis**
> It is possible to execute code on the remote host through the web server.
> **Description**
> The remote web server seems to be vulnerable to a format string attack on the method name. An attacker might use this flaw to make it crash or even execute arbitrary code on this host.
> **Solution**
> Upgrade your software or contact your vendor and inform him of this vulnerability.
I expect that the tool should give the detailed HTTP request used that can crash my HTTP server, but it is not included in the report. So I am having difficulty investigating/remedying this vulnerability.
Please suggest how I can figure out the HTTP request used, which can crash my server. Can the NESSUS tool provide this information?
Have you checked the code in the related NASL (http_method_format_string.nasl) as well as the include files? Check this page to locate the Plugin Directory
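
A server-side way to find the request, as an added example that is not part of the original thread or of Nessus: it scans access-log lines and reports requests whose method token contains printf-style conversion specifiers, which is where a format string probe on the method name would be expected to appear. The Common Log Format layout and the sample lines are assumptions constructed for illustration; they are not the plugin's actual request.

```python
import re

# Assumed layout: Common/Combined Log Format
#   client ident user [time] "request line" status size ...
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}|-)'
)

# printf-style conversion: %, optional position/flags/width/precision/length,
# then a conversion character. A literal "%%" is deliberately not matched.
FORMAT_SPEC = re.compile(
    r'%(?:\d+\$)?[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|L|j|z|t)?[diouxXeEfgGaAcspn]'
)


def suspicious_methods(lines):
    """Return one record per log line whose HTTP method holds a format specifier."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # not in the assumed format; skip rather than guess
        # The method is the first space-separated token of the request line.
        method = m.group("request").split(" ", 1)[0]
        specs = FORMAT_SPEC.findall(method)
        if specs:
            hits.append({
                "line": lineno,
                "client": m.group("client"),
                "time": m.group("time"),
                "method": method,
                "specifiers": specs,
                "status": m.group("status"),
            })
    return hits


# Constructed sample log lines (documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.44 - - [12/Mar/2024:10:01:05 +0000] "%x%x%x / HTTP/1.0" 400 226',
    '192.0.2.10 - - [12/Mar/2024:10:01:09 +0000] "GET /search?q=100%25 HTTP/1.1" 200 811',
    '192.0.2.44 - - [12/Mar/2024:10:01:11 +0000] "OPTIONS * HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for hit in suspicious_methods(SAMPLE_LOG):
        print(hit)
```

Run it over the log window that covers the scan. A request that crashes the server before the log entry is written will not appear there, in which case a packet capture taken on the server during the scan is the place to look.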