ByteOS Network

NVD Vulnerability Details :

CVE-2008-6520

Modified

Source-cve@mitre.org

Published At-25 Mar, 2009 | 18:30

Updated At-17 Aug, 2017 | 01:29

Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

imatix>>xitami>>2.5c2

cpe:2.3:a:imatix:xitami:2.5c2:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-134	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.bratax.be/advisories/b013.html	cve@mitre.org	Exploit
http://www.securityfocus.com/bid/28603	cve@mitre.org	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/41645	cve@mitre.org	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History