CyberSec.Space Logo
Back to CVE Browser

CVE-2008-6519

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1410%
EPSS Percentile21.04th
PublishedMar 25, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.

Affected Platforms (CPE)

πŸ“¦
Imatix

Xitami

= 2.2a
πŸ“¦
Imatix

Xitami

= 2.4
πŸ“¦
Imatix

Xitami

= 2.4d7
πŸ“¦
Imatix

Xitami

= 2.4d7
πŸ“¦
Imatix

Xitami

= 2.5
πŸ“¦
Imatix

Xitami

= 2.5c2

References & Advisories

πŸ”— http://www.bratax.be/advisories/b013.html
πŸ”— http://www.securityfocus.com/bid/28603
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/41644
πŸ”— https://www.exploit-db.com/exploits/5354
πŸ”— http://www.bratax.be/advisories/b013.html
πŸ”— http://www.securityfocus.com/bid/28603
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/41644
πŸ”— https://www.exploit-db.com/exploits/5354

Related Vulnerabilities

CVE-2008-652010.0

Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote att...

CVE-2001-14819.8

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are wo...

CVE-2007-50677.5

Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modifie...

CVE-2002-19425.0

Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive connections that have been broken or closed early, which allow...