CVE-2008-6519

EUVD-2008-6486
Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
imatixxitami
2.2a:a
imatixxitami
2.4
imatixxitami
2.4d7:d7
imatixxitami
2.4d7:d7
imatixxitami
2.5
imatixxitami
2.5c2:c2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.bratax.be/advisories/b013.html
http://www.securityfocus.com/bid/28603
https://exchange.xforce.ibmcloud.com/vulnerabilities/41644
https://www.exploit-db.com/exploits/5354
http://www.bratax.be/advisories/b013.html
http://www.securityfocus.com/bid/28603
https://exchange.xforce.ibmcloud.com/vulnerabilities/41644
https://www.exploit-db.com/exploits/5354