Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
CVSS Score
10.0
EPSS Score
0.057
Published
2009-03-25
Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory.
CVSS Score
5.0
EPSS Score
0.007
Published
2001-07-02