CVE-2007-3009 - Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when

CVE-2007-3009

Summary

Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.

References

Vulnerable Configurations

cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.5-4:*:*:*:*:*:*:*
cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.5-4:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 08-03-2011 - 02:55)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

bid	24454
misc	http://www.appwebserver.org/forum/viewtopic.php?t=969
osvdb	35510
secunia	25641
vupen	ADV-2007-2159

Last major update

08-03-2011 - 02:55

Published

04-06-2007 - 17:30

Last modified

08-03-2011 - 02:55