Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:32
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/25641 - | |
References | () http://www.appwebserver.org/forum/viewtopic.php?t=969 - | |
References | () http://www.osvdb.org/35510 - | |
References | () http://www.securityfocus.com/bid/24454 - | |
References | () http://www.vupen.com/english/advisories/2007/2159 - |
Information
Published : 2007-06-04 17:30
Updated : 2024-11-21 00:32
NVD link : CVE-2007-3009
Mitre link : CVE-2007-3009
CVE.ORG link : CVE-2007-3009
JSON object : View
Products Affected
mbedthis_software
- mbedthis_appweb_http_server
CWE