Vulnerability Details CVE-2008-6938
Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.737
EPSS Ranking 98.8%
CVSS Severity
CVSS v2 Score 4.3
References
- http://archives.neohapsis.com/archives/bugtraq/2008-11/0171.html
- http://secunia.com/advisories/32696
- http://www.osvdb.org/49998
- http://www.osvdb.org/49999
- http://www.securityfocus.com/archive/1/498575
- http://www.securityfocus.com/archive/1/498602
- http://www.securityfocus.com/archive/1/498770
- http://www.securityfocus.com/archive/1/498771
- http://www.securityfocus.com/archive/1/498865
- http://www.securityfocus.com/bid/32287
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46600
- https://www.exploit-db.com/exploits/7109
- http://archives.neohapsis.com/archives/bugtraq/2008-11/0171.html
- http://secunia.com/advisories/32696
- http://www.osvdb.org/49998
- http://www.osvdb.org/49999
- http://www.securityfocus.com/archive/1/498575
- http://www.securityfocus.com/archive/1/498602
- http://www.securityfocus.com/archive/1/498770
- http://www.securityfocus.com/archive/1/498771
- http://www.securityfocus.com/archive/1/498865
- http://www.securityfocus.com/bid/32287
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46600
- https://www.exploit-db.com/exploits/7109
Products affected by CVE-2008-6938
-
cpe:2.3:a:holger_zimmermann:pi3web:*
-
cpe:2.3:a:holger_zimmermann:pi3web:1.0.1
-
cpe:2.3:a:holger_zimmermann:pi3web:2.0
-
cpe:2.3:a:holger_zimmermann:pi3web:2.0.1
-
cpe:2.3:a:holger_zimmermann:pi3web:2.0.2_beta_1