HIGH🇬🇧 English

CVE-2008-6520

CVSS 10.0v2.0pub. 2009-03-25upd. 2026-04-23

Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Imatix Xitami

    APP
    Imatix
    2.5c2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDoS
CWE
Referencje

Powiązane podatności

CVE-2008-6519HIGH10.0ten sam produkt

Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remot...

CVE-2007-5067HIGH7.5ten sam produkt

Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code v...

CVE-2002-1942MEDIUM5.0ten sam produkt

Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive connections that have been broken or close...

CVE-2002-1965MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attacker...

CVE-2001-0391MEDIUM5.0ten sam produkt

Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory...