7.5
CVE-2005-1122
- EPSS 2.69%
- Veröffentlicht 14.04.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:12:28
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginFormat string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error").
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Monkey-project ≫ Monkey Version <= 0.9.0
Monkey-project ≫ Monkey Version0.1.1
Monkey-project ≫ Monkey Version0.5.2
Monkey-project ≫ Monkey Version0.6.0
Monkey-project ≫ Monkey Version0.6.1
Monkey-project ≫ Monkey Version0.6.2
Monkey-project ≫ Monkey Version0.6.3
Monkey-project ≫ Monkey Version0.7.0
Monkey-project ≫ Monkey Version0.7.1
Monkey-project ≫ Monkey Version0.7.2
Monkey-project ≫ Monkey Version0.8.0
Monkey-project ≫ Monkey Version0.8.1
Monkey-project ≫ Monkey Version0.8.2
Monkey-project ≫ Monkey Version0.8.3
Monkey-project ≫ Monkey Version0.8.4
Monkey-project ≫ Monkey Version0.8.4 Update2
Monkey-project ≫ Monkey Version0.8.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.69% | 0.839 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
http://bugs.gentoo.org/show_bug.cgi?id=87916
http://secunia.com/advisories/14953
http://security.gentoo.org/glsa/glsa-200504-14.xml
http://www.osvdb.org/15511