Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-03-25T18:00:00
Updated: 2017-08-16T14:57:01
Reserved: 2009-03-25T00:00:00
Link: CVE-2008-6520
JSON object: View
NVD Information
Status : Modified
Published: 2009-03-25T18:30:00.297
Modified: 2017-08-17T01:29:21.613
Link: CVE-2008-6520
JSON object: View
Redhat Information
No data.
CWE