CyberSec.Space Logo
Back to CVE Browser

CVE-2008-6520

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1830%
EPSS Percentile24.65th
PublishedMar 25, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.

Affected Platforms (CPE)

πŸ“¦
Imatix

Xitami

= 2.5c2

References & Advisories

πŸ”— http://www.bratax.be/advisories/b013.html
πŸ”— http://www.securityfocus.com/bid/28603
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/41645
πŸ”— http://www.bratax.be/advisories/b013.html
πŸ”— http://www.securityfocus.com/bid/28603
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/41645

Related Vulnerabilities

CVE-2008-651910.0

Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause...

CVE-2001-14819.8

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are wo...

CVE-2007-50677.5

Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modifie...

CVE-2002-19425.0

Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive connections that have been broken or closed early, which allow...