CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2008-6519

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1410%
EPSS Percentile21.04th
Published2009年3月25日
Last Modified2026年4月23日

Vulnerability Description

Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.

Affected Platforms (CPE)

📦
Imatix

Xitami

= 2.2a
📦
Imatix

Xitami

= 2.4
📦
Imatix

Xitami

= 2.4d7
📦
Imatix

Xitami

= 2.4d7
📦
Imatix

Xitami

= 2.5
📦
Imatix

Xitami

= 2.5c2

References & Advisories

🔗 http://www.bratax.be/advisories/b013.html
🔗 http://www.securityfocus.com/bid/28603
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/41644
🔗 https://www.exploit-db.com/exploits/5354
🔗 http://www.bratax.be/advisories/b013.html
🔗 http://www.securityfocus.com/bid/28603
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/41644
🔗 https://www.exploit-db.com/exploits/5354

相關漏洞威脅

CVE-2008-652010.0

Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote att...

CVE-2001-14819.8

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are wo...

CVE-2007-50677.5

Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modifie...

CVE-2002-19425.0

Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive connections that have been broken or closed early, which allow...