Vulnerabilities > CVE-2007-3009 - Unspecified vulnerability in Mbedthis Software Mbedthis Appweb Http Server 2.0.54
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN mbedthis-software
exploit available
Summary
Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Mbedthis AppWeb 2.2.2 URL Protocol Format String Vulnerability. CVE-2007-3009. Dos exploits for multiple platform |
| id | EDB-ID:30187 |
| last seen | 2016-02-03 |
| modified | 2007-06-12 |
| published | 2007-06-12 |
| reporter | Nir Rachmel |
| source | https://www.exploit-db.com/download/30187/ |
| title | Mbedthis AppWeb 2.2.2 URL Protocol Format String Vulnerability |
References
- http://secunia.com/advisories/25641
- http://secunia.com/advisories/25641
- http://www.appwebserver.org/forum/viewtopic.php?t=969
- http://www.appwebserver.org/forum/viewtopic.php?t=969
- http://www.osvdb.org/35510
- http://www.osvdb.org/35510
- http://www.securityfocus.com/bid/24454
- http://www.securityfocus.com/bid/24454
- http://www.vupen.com/english/advisories/2007/2159
- http://www.vupen.com/english/advisories/2007/2159