CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-6520

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1830%
EPSS Percentile24.65th
Published2009年3月25日
Last Modified2026年4月23日

Vulnerability Description

Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.

Affected Platforms (CPE)

📦
Imatix

Xitami

= 2.5c2

References & Advisories

🔗 http://www.bratax.be/advisories/b013.html
🔗 http://www.securityfocus.com/bid/28603
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/41645
🔗 http://www.bratax.be/advisories/b013.html
🔗 http://www.securityfocus.com/bid/28603
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/41645

相关漏洞威胁

CVE-2008-651910.0

Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause...

CVE-2001-14819.8

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are wo...

CVE-2007-50677.5

Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modifie...

CVE-2002-19425.0

Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive connections that have been broken or closed early, which allow...