Vulnerability Details CVE-2008-6519
Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.057
EPSS Ranking 90.0%
CVSS Severity
CVSS v2 Score 10.0
References
- http://www.bratax.be/advisories/b013.html
- http://www.securityfocus.com/bid/28603
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41644
- https://www.exploit-db.com/exploits/5354
- http://www.bratax.be/advisories/b013.html
- http://www.securityfocus.com/bid/28603
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41644
- https://www.exploit-db.com/exploits/5354
Products affected by CVE-2008-6519
-
cpe:2.3:a:imatix:xitami:2.2a
-
cpe:2.3:a:imatix:xitami:2.4
-
cpe:2.3:a:imatix:xitami:2.4d7
-
cpe:2.3:a:imatix:xitami:2.5
-
cpe:2.3:a:imatix:xitami:2.5c2