HIGH🇵🇱 Wersja polska

CVE-2008-6519

CVSS 10.0v2.0pub. 2009-03-25upd. 2026-04-23

Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Imatix Xitami

    APP
    Imatix
    2.2a2.42.4d72.52.5c2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2008-6520HIGH10.0ten sam produkt

Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versio...

CVE-2007-5067HIGH7.5ten sam produkt

Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code v...

CVE-2002-1942MEDIUM5.0ten sam produkt

Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive connections that have been broken or close...

CVE-2002-1965MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attacker...

CVE-2001-0391MEDIUM5.0ten sam produkt

Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory...