CVE-2008-6938

Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
holger_zimmermannpi3web
𝑥
≤ 2.0.3_pl1
holger_zimmermannpi3web
1.0.1
holger_zimmermannpi3web
2.0
holger_zimmermannpi3web
2.0.1
holger_zimmermannpi3web
2.0.2_beta_1:_beta_1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2008-11/0171.html
http://secunia.com/advisories/32696
http://www.osvdb.org/49998
http://www.osvdb.org/49999
http://www.securityfocus.com/archive/1/498575
http://www.securityfocus.com/archive/1/498602
http://www.securityfocus.com/archive/1/498770
http://www.securityfocus.com/archive/1/498771
http://www.securityfocus.com/archive/1/498865
http://www.securityfocus.com/bid/32287
https://exchange.xforce.ibmcloud.com/vulnerabilities/46600
https://www.exploit-db.com/exploits/7109
http://archives.neohapsis.com/archives/bugtraq/2008-11/0171.html
http://secunia.com/advisories/32696
http://www.osvdb.org/49998
http://www.osvdb.org/49999
http://www.securityfocus.com/archive/1/498575
http://www.securityfocus.com/archive/1/498602
http://www.securityfocus.com/archive/1/498770
http://www.securityfocus.com/archive/1/498771
http://www.securityfocus.com/archive/1/498865
http://www.securityfocus.com/bid/32287
https://exchange.xforce.ibmcloud.com/vulnerabilities/46600
https://www.exploit-db.com/exploits/7109