CVE-2008-6520

Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
imatixxitami
2.5c2:c2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.bratax.be/advisories/b013.html
http://www.securityfocus.com/bid/28603
https://exchange.xforce.ibmcloud.com/vulnerabilities/41645
http://www.bratax.be/advisories/b013.html
http://www.securityfocus.com/bid/28603
https://exchange.xforce.ibmcloud.com/vulnerabilities/41645