CVE-2007-3009

Published: 04/06/2007 Updated: 08/03/2011
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote malicious users to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.
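The fix pattern for this class of bug, as an added example that is not AppWeb's code: request data reaches the logger only as a `%s` argument, and an absolute-form target's scheme is checked against the RFC 3986 grammar first. The names `log_event`, `scheme_is_valid` and `log_request_target` are hypothetical, and the logger writes to a buffer so the result can be inspected.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logger (not MprLogToFile::logEvent): formats into buf. */
static int log_event(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return n;
}

/* RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ).
 * Returns 1 if the text before "://" is a well-formed scheme, else 0. */
int scheme_is_valid(const char *target)
{
    const char *end = strstr(target, "://");
    if (end == NULL || end == target || !isalpha((unsigned char)target[0]))
        return 0;
    for (const char *p = target + 1; p < end; p++)
        if (!isalnum((unsigned char)*p) && *p != '+' && *p != '-' && *p != '.')
            return 0;
    return 1;
}

/* Unsafe pattern this replaces:
 *     log_event(buf, len, target);    request data used as the format
 * Below, the format is always a literal and the target is only data. */
int log_request_target(char *buf, size_t len, const char *target)
{
    if (strstr(target, "://") == NULL)          /* origin-form, no scheme */
        return log_event(buf, len, "request path: %s", target);
    if (!scheme_is_valid(target))
        return log_event(buf, len, "rejected malformed scheme: %s", target);
    return log_event(buf, len, "request target: %s", target);
}

int main(void)
{
    char buf[128];
    /* Request target taken from the summary above. */
    log_request_target(buf, sizeof buf, "%n://localhost:80/");
    puts(buf);  /* the specifier is logged as plain text */
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` flags the unsafe call pattern shown in the comment at build time.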

Vulnerable Product

mbedthis software mbedthis appweb http server 2.0.5-4

Exploits

source: www.securityfocus.com/bid/24454/info

Mbedthis AppWeb is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. This issue affects only applications that were built with logging enabled and installed wit ...