exploitDog

CVE-2008-6519

Опубликовано: 25 мар. 2009

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:imatix:xitami:2.2a:*:*:*:*:*:*:*

cpe:2.3:a:imatix:xitami:2.4:*:*:*:*:*:*:*

cpe:2.3:a:imatix:xitami:2.4d7:*:*:*:*:*:*:*

cpe:2.3:a:imatix:xitami:2.4d7:*:windows:*:*:*:*:*

cpe:2.3:a:imatix:xitami:2.5:*:*:*:*:*:*:*

cpe:2.3:a:imatix:xitami:2.5c2:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08818

Низкий

10 Critical

CVSS2

Дефекты

CWE-134

Связанные уязвимости

GHSA-jhw8-2486-29cw

github

больше 3 лет назад

Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.

EPSS

Процентиль: 92%

0.08818

Низкий

10 Critical

CVSS2

Дефекты

CWE-134