Vulnerabilities related to jasper - httpdx
CVE-2009-3711 (GCVE-0-2009-3711)
Vulnerability from cvelistv5
Published
2009-10-16 16:00
Modified
2024-08-07 06:38
Severity ?
CWE
- n/a
Summary
Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
References
▼ | URL | Tags |
---|---|---|
http://www.vupen.com/english/advisories/2009/2874 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53700 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=125544914512291&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://osvdb.org/58714 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/archive/1/507042/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/36991 | third-party-advisory, x_refsource_SECUNIA | |
http://www.pank4j.com/exploits/httpdxb0f.php | x_refsource_MISC | |
http://www.securityfocus.com/archive/1/507073/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:38:30.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-2874", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2874" }, { "name": "httpdx-hhandlepeer-bo(53700)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53700" }, { "name": "20091010 http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2" }, { "name": "58714", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/58714" }, { "name": "20091008 Remote buffer overflow in httpdx", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507042/100/0/threaded" }, { "name": "36991", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36991" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.pank4j.com/exploits/httpdxb0f.php" }, { "name": "20091009 Re: Remote buffer overflow in httpdx", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507073/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2009-2874", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2874" }, { "name": "httpdx-hhandlepeer-bo(53700)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53700" }, { "name": "20091010 http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2" }, { "name": "58714", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/58714" }, { "name": "20091008 Remote buffer overflow in httpdx", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507042/100/0/threaded" }, { "name": "36991", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36991" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.pank4j.com/exploits/httpdxb0f.php" }, { "name": "20091009 Re: Remote buffer overflow in httpdx", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507073/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3711", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote 
attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-2874", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2874" }, { "name": "httpdx-hhandlepeer-bo(53700)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53700" }, { "name": "20091010 http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2" }, { "name": "58714", "refsource": "OSVDB", "url": "http://osvdb.org/58714" }, { "name": "20091008 Remote buffer overflow in httpdx", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507042/100/0/threaded" }, { "name": "36991", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36991" }, { "name": "http://www.pank4j.com/exploits/httpdxb0f.php", "refsource": "MISC", "url": "http://www.pank4j.com/exploits/httpdxb0f.php" }, { "name": "20091009 Re: Remote buffer overflow in httpdx", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507073/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3711", "datePublished": "2009-10-16T16:00:00", "dateReserved": "2009-10-16T00:00:00", "dateUpdated": "2024-08-07T06:38:30.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4531 (GCVE-0-2009-4531)
Vulnerability from cvelistv5
Published
2009-12-31 19:00
Modified
2024-08-07 07:08
Severity ?
CWE
- n/a
Summary
httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI.
References
▼ | URL | Tags |
---|---|---|
http://freetexthost.com/eiyfyt0km5 | x_refsource_MISC | |
http://www.osvdb.org/58857 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53733 | vdb-entry, x_refsource_XF | |
http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt | x_refsource_MISC | |
http://secunia.com/advisories/37013 | third-party-advisory, x_refsource_SECUNIA | |
http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:08:38.094Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://freetexthost.com/eiyfyt0km5" }, { "name": "58857", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/58857" }, { "name": "httpdx-http-information-disclosure(53733)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53733" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt" }, { "name": "37013", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37013" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://freetexthost.com/eiyfyt0km5" }, { "name": "58857", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/58857" }, { "name": "httpdx-http-information-disclosure(53733)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53733" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt" }, { "name": "37013", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37013" }, { "tags": [ "x_refsource_MISC" ], "url": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4531", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://freetexthost.com/eiyfyt0km5", "refsource": "MISC", "url": "http://freetexthost.com/eiyfyt0km5" }, { "name": "58857", "refsource": "OSVDB", "url": "http://www.osvdb.org/58857" }, { "name": "httpdx-http-information-disclosure(53733)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53733" }, { "name": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt" }, { "name": "37013", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37013" }, { "name": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html", "refsource": "MISC", "url": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4531", "datePublished": "2009-12-31T19:00:00", "dateReserved": "2009-12-31T00:00:00", "dateUpdated": "2024-08-07T07:08:38.094Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4769 (GCVE-0-2009-4769)
Vulnerability from cvelistv5
Published
2010-04-20 14:00
Modified
2024-09-17 01:40
Severity ?
CWE
- n/a
Summary
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.
References
▼ | URL | Tags |
---|---|---|
http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb | x_refsource_MISC | |
http://osvdb.org/60181 | vdb-entry, x_refsource_OSVDB | |
http://www.vupen.com/english/advisories/2009/3312 | vdb-entry, x_refsource_VUPEN | |
http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb | x_refsource_MISC | |
http://osvdb.org/60182 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:17:25.578Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb" }, { "name": "60181", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/60181" }, { "name": "ADV-2009-3312", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3312" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb" }, { "name": "60182", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/60182" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-04-20T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb" }, { "name": "60181", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/60181" }, { "name": "ADV-2009-3312", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3312" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb" }, { "name": "60182", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/60182" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4769", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb", "refsource": "MISC", "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb" }, { "name": "60181", "refsource": "OSVDB", "url": "http://osvdb.org/60181" }, { "name": "ADV-2009-3312", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3312" }, { "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb", "refsource": "MISC", "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb" }, { "name": "60182", "refsource": "OSVDB", "url": "http://osvdb.org/60182" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4769", "datePublished": "2010-04-20T14:00:00Z", "dateReserved": "2010-04-20T00:00:00Z", "dateUpdated": "2024-09-17T01:40:43.450Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-3663 (GCVE-0-2009-3663)
Vulnerability from cvelistv5
Published
2009-10-11 22:00
Modified
2024-08-07 06:38
Severity ?
CWE
- n/a
Summary
Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header.
References
▼ | URL | Tags |
---|---|---|
http://osvdb.org/58129 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53205 | vdb-entry, x_refsource_XF | |
http://www.exploit-db.com/exploits/9657 | exploit, x_refsource_EXPLOIT-DB | |
http://secunia.com/advisories/36734 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2009/2654 | vdb-entry, x_refsource_VUPEN | |
http://httpdx.sourceforge.net/downloads/changelog.log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:38:30.260Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "58129", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/58129" }, { "name": "httpdx-hostheader-format-string(53205)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53205" }, { "name": "9657", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/9657" }, { "name": "36734", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36734" }, { "name": "ADV-2009-2654", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2654" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://httpdx.sourceforge.net/downloads/changelog.log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-09-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "58129", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/58129" }, { "name": "httpdx-hostheader-format-string(53205)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53205" }, { "name": "9657", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/9657" }, { "name": "36734", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36734" }, { "name": "ADV-2009-2654", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2654" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://httpdx.sourceforge.net/downloads/changelog.log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3663", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "58129", "refsource": "OSVDB", "url": "http://osvdb.org/58129" }, { "name": "httpdx-hostheader-format-string(53205)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53205" }, { "name": "9657", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/9657" }, { "name": "36734", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36734" }, { "name": "ADV-2009-2654", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2654" }, { "name": "http://httpdx.sourceforge.net/downloads/changelog.log", "refsource": "CONFIRM", "url": "http://httpdx.sourceforge.net/downloads/changelog.log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3663", "datePublished": "2009-10-11T22:00:00", "dateReserved": "2009-10-11T00:00:00", "dateUpdated": "2024-08-07T06:38:30.260Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4770 (GCVE-0-2009-4770)
Vulnerability from cvelistv5
Published
2010-04-20 14:00
Modified
2024-09-16 23:42
Severity ?
CWE
- n/a
Summary
The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:17:25.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-04-20T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4770", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb", "refsource": "MISC", "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4770", "datePublished": "2010-04-20T14:00:00Z", "dateReserved": "2010-04-20T00:00:00Z", "dateUpdated": "2024-09-16T23:42:05.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-0419 (GCVE-0-2024-0419)
Vulnerability from cvelistv5
Published
2024-01-11 18:31
Modified
2024-10-25 20:34
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (CVSS v2.0) - AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE
- CWE-404 - Denial of Service
Summary
A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250439.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.250439 | vdb-entry | |
https://vuldb.com/?ctiid.250439 | signature, permissions-required | |
https://www.youtube.com/watch?v=6dAWGH0-6TY | media-coverage | |
https://cxsecurity.com/issue/WLB-2024010027 | exploit, issue-tracking |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:04:49.619Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://vuldb.com/?id.250439" }, { "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.250439" }, { "tags": [ "media-coverage", "x_transferred" ], "url": "https://www.youtube.com/watch?v=6dAWGH0-6TY" }, { "tags": [ "exploit", "issue-tracking", "x_transferred" ], "url": "https://cxsecurity.com/issue/WLB-2024010027" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-0419", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-25T20:34:03.936761Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T20:34:35.559Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "modules": [ "HTTP POST Request Handler" ], "product": "httpdx", "vendor": "Jasper", "versions": [ { "status": "affected", "version": "1.5.0" }, { "status": "affected", "version": "1.5.1" }, { "status": "affected", "version": "1.5.2" }, { "status": "affected", "version": "1.5.3" }, { "status": "affected", "version": "1.5.4" } ] } ], "credits": [ { "lang": "en", "type": "analyst", "value": "fernando.mengali (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250439." 
}, { "lang": "de", "value": "Eine problematische Schwachstelle wurde in Jasper httpdx bis 1.5.4 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente HTTP POST Request Handler. Mit der Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-404", "description": "CWE-404 Denial of Service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T18:31:04.097Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "vdb-entry" ], "url": "https://vuldb.com/?id.250439" }, { "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.250439" }, { "tags": [ "media-coverage" ], "url": "https://www.youtube.com/watch?v=6dAWGH0-6TY" }, { "tags": [ "exploit", "issue-tracking" ], "url": "https://cxsecurity.com/issue/WLB-2024010027" } ], "timeline": [ { "lang": "en", "time": "2024-01-11T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-01-11T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-01-11T11:39:16.000Z", "value": "VulDB entry last update" } ], "title": "Jasper httpdx HTTP POST Request denial of service" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-0419", "datePublished": 
"2024-01-11T18:31:04.097Z", "dateReserved": "2024-01-11T10:34:08.392Z", "dateUpdated": "2024-10-25T20:34:35.559Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2009-4770)
Published
2010-04-20 14:30
Modified
2025-04-11 00:51
Severity ?
Summary
The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jasper:httpdx:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D490B4E8-E863-4856-8031-3E08FBED4E66", "vulnerable": true }, { "criteria": "cpe:2.3:a:jasper:httpdx:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "595ADCF1-10CB-4346-A31A-2FAE38ADD865", "vulnerable": true }, { "criteria": "cpe:2.3:a:jasper:httpdx:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "2672204F-D5AC-4B04-BF24-41B8CD25FA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:jasper:httpdx:1.4.6b:*:*:*:*:*:*:*", "matchCriteriaId": "F3BDE986-0CDB-4BAC-A11C-4F26BEBFC741", "vulnerable": true }, { "criteria": "cpe:2.3:a:jasper:httpdx:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7E6E22C-3EC6-4435-8256-D7777AE080B7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access." }, { "lang": "es", "value": "El componente servidor FTP de httpdx v1.4, v1.4.5, v1.4.6, v1.4.6b, y v1.5 tiene la contrase\u00f1a por defecto pass123 para la cuenta \"moderator\" (moderador), lo que facilita a los atacantes remotos obtener acceso privilegidado." 
} ], "id": "CVE-2009-4770", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-04-20T14:30:01.380", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-10-16 16:30
Modified
2025-04-09 00:30
Severity: 10.0 (HIGH) — CVSS v2.0 AV:N/AC:L/Au:N/C:C/I:C/A:C, as scored by nvd@nist.gov in the record below
Summary
Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jasper:httpdx:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D490B4E8-E863-4856-8031-3E08FBED4E66", "vulnerable": true }, { "criteria": "cpe:2.3:a:jasper:httpdx:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3B2C8BF8-73D0-4F02-B9DB-6211FA68F72D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request." }, { "lang": "es", "value": "Desbordamiento de buffer basado en pila en la funci\u00f3n h_handlepeer en http.cpp en httpdx v1.4, y posiblemente v1.4.3, permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud HTTP GET larga." } ], "id": "CVE-2009-3711", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-10-16T16:30:01.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/58714" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36991" }, 
{ "source": "cve@mitre.org", "tags": [ "Exploit", "URL Repurposed" ], "url": "http://www.pank4j.com/exploits/httpdxb0f.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/507042/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/507073/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2874" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53700" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/58714" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36991" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "URL Repurposed" ], "url": "http://www.pank4j.com/exploits/httpdxb0f.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/507042/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/507073/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2874" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53700" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-10-11 22:30
Modified
2025-04-09 00:30
Severity: 10.0 (HIGH) — CVSS v2.0 AV:N/AC:L/Au:N/C:C/I:C/A:C, as scored by nvd@nist.gov in the record below
Summary
Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jasper:httpdx:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D490B4E8-E863-4856-8031-3E08FBED4E66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header." }, { "lang": "es", "value": "Vulnerabilidad de formato de cadena en la funci\u00f3n h_readrequest en http.c en httpdx Web Server v1.4 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo arbitrario a trav\u00e9s de especificadores de formato de cadena en la cabecera Host." } ], "id": "CVE-2009-3663", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-10-11T22:30:00.593", "references": [ { "source": "cve@mitre.org", "url": "http://httpdx.sourceforge.net/downloads/changelog.log" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/58129" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36734" }, { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/9657" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www.vupen.com/english/advisories/2009/2654" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://httpdx.sourceforge.net/downloads/changelog.log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/58129" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36734" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/9657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53205" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-134" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-04-20 14:30
Modified
2025-04-11 00:51
Severity: 9.3 (HIGH) — CVSS v2.0 AV:N/AC:M/Au:N/C:C/I:C/A:C, as scored by nvd@nist.gov in the record below
Summary
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jasper:httpdx:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D490B4E8-E863-4856-8031-3E08FBED4E66", "vulnerable": true }, { "criteria": "cpe:2.3:a:jasper:httpdx:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "595ADCF1-10CB-4346-A31A-2FAE38ADD865", "vulnerable": true }, { "criteria": "cpe:2.3:a:jasper:httpdx:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "2672204F-D5AC-4B04-BF24-41B8CD25FA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:jasper:httpdx:1.4.6b:*:*:*:*:*:*:*", "matchCriteriaId": "F3BDE986-0CDB-4BAC-A11C-4F26BEBFC741", "vulnerable": true }, { "criteria": "cpe:2.3:a:jasper:httpdx:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7E6E22C-3EC6-4435-8256-D7777AE080B7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de formato de cadena en la funci\u00f3n tolog de httpdx v1.4, v1.4.5, v1.4.6, v1.4.6b, y v1.5 permiten (1) a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de especificadores de formato de cadena en una petici\u00f3n GET al componente de servidor HTTP cuando las trazas (logging) est\u00e1n habilitadas, y permiten (2) a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de especificadores de formato de cadena en un comando PWD al componente de servidor FTP." 
} ], "id": "CVE-2009-4769", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-04-20T14:30:01.333", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/60181" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/60182" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/60181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/60182" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3312" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-134" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-31 19:30
Modified
2025-04-09 00:30
Severity: 5.0 (MEDIUM) — CVSS v2.0 AV:N/AC:L/Au:N/C:P/I:N/A:N, as scored by nvd@nist.gov in the record below
Summary
httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jasper:httpdx:*:*:*:*:*:*:*:*", "matchCriteriaId": "745D8ED9-0633-4F2B-8CB1-C6C5DF9CDABB", "versionEndIncluding": "1.4.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:jasper:httpdx:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D490B4E8-E863-4856-8031-3E08FBED4E66", "vulnerable": true }, { "criteria": "cpe:2.3:a:jasper:httpdx:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3B2C8BF8-73D0-4F02-B9DB-6211FA68F72D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI." }, { "lang": "es", "value": "httpdx v1.4.4 y anteriores, permite a atacantes remotos obtener el c\u00f3digo fuente de una p\u00e1gina web a\u00f1adiendo un car\u00e1cter . (punto) a la URI." } ], "id": "CVE-2009-4531", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-31T19:30:00.670", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "URL Repurposed" ], "url": "http://freetexthost.com/eiyfyt0km5" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": 
"http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37013" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/58857" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "URL Repurposed" ], "url": "http://freetexthost.com/eiyfyt0km5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/58857" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53733" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }