CVE-2007-5824

EPSS 15.14%
Veröffentlicht 05.11.2007 19:46:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Firefly ≫ Media Server Version <= 0.2.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	15.14%	0.94

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://bugs.gentoo.org/show_bug.cgi?id=200110

http://secunia.com/advisories/28269

http://secunia.com/advisories/30661

http://sourceforge.net/project/shownotes.php?group_id=98211&release_id=548679

http://www.debian.org/security/2008/dsa-1597

http://www.gentoo.org/security/en/glsa/glsa-200712-18.xml

http://www.securityfocus.com/archive/1/483210/100/0/threaded

http://www.securityfocus.com/archive/1/483211/100/0/threaded

http://www.securityfocus.com/archive/1/483215/100/0/threaded

http://www.securityfocus.com/bid/26309

https://exchange.xforce.ibmcloud.com/vulnerabilities/38241

https://exchange.xforce.ibmcloud.com/vulnerabilities/38242