Vulnerabilities > CVE-2007-3009 - Unspecified vulnerability in Mbedthis Software Mbedthis Appweb Http Server 2.0.54
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Mbedthis AppWeb 2.2.2 URL Protocol Format String Vulnerability. CVE-2007-3009. Dos exploits for multiple platform |
| id | EDB-ID:30187 |
| last seen | 2016-02-03 |
| modified | 2007-06-12 |
| published | 2007-06-12 |
| reporter | Nir Rachmel |
| source | https://www.exploit-db.com/download/30187/ |
| title | Mbedthis AppWeb 2.2.2 URL Protocol Format String Vulnerability |