Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
AV:N/AC:L/Au:N/C:C/I:C/A:CImatix Xitami
APPImatix2.2a2.42.4d72.52.5c2
Related vulnerabilities
Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versio...
Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code v...
Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive connections that have been broken or close...
Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attacker...
Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory...