CVE-2007-5265

Sažetak

Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1.69s beta4 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) password fields when accessing certain "restricted zones", which are not properly handled by the (a) processWebHeader and (b) filterWebRequest functions.

Reference

http://aluigi.altervista.org/adv/dawnfs-adv.txt
http://forums.dawnoftime.org/viewtopic.php?t=2102
http://secunia.com/advisories/27083
http://securityreason.com/securityalert/3201
http://www.securityfocus.com/archive/1/481619/100/0/threaded
http://www.securityfocus.com/bid/25944
http://www.vupen.com/english/advisories/2007/3418
https://exchange.xforce.ibmcloud.com/vulnerabilities/36973

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-10-2018 - 21:41

Objavljeno

08-10-2007 - 21:17