4.3
CVE-2008-6938
- EPSS 26.49%
- Veröffentlicht 11.08.2009 21:00:00
- Zuletzt bearbeitet 16.06.2026 23:03:16
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginPi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Holger Zimmermann ≫ Pi3web Version <= 2.0.3_pl1
Holger Zimmermann ≫ Pi3web Version1.0.1
Holger Zimmermann ≫ Pi3web Version2.0
Holger Zimmermann ≫ Pi3web Version2.0.1
Holger Zimmermann ≫ Pi3web Version2.0.2_beta_1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 26.49% | 0.977 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://archives.neohapsis.com/archives/bugtraq/2008-11/0171.html
http://secunia.com/advisories/32696
http://www.osvdb.org/49998
http://www.osvdb.org/49999
http://www.securityfocus.com/archive/1/498575
http://www.securityfocus.com/archive/1/498602
http://www.securityfocus.com/archive/1/498770
http://www.securityfocus.com/archive/1/498771
http://www.securityfocus.com/archive/1/498865
http://www.securityfocus.com/bid/32287
https://exchange.xforce.ibmcloud.com/vulnerabilities/46600
https://www.exploit-db.com/exploits/7109