
    12 vulnerabilities found for httpdx by jasper

    CVE-2024-0419 (GCVE-0-2024-0419)

    Vulnerability from cvelistv5 – Published: 2024-01-11 18:31 – Updated: 2024-10-25 20:34
    VLAI
    Title
    Jasper httpdx HTTP POST Request denial of service
    Summary
    A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250439.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jasper httpdx Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Credits
    fernando.mengali (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:04:49.619Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.250439"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.250439"
              },
              {
                "tags": [
                  "media-coverage",
                  "x_transferred"
                ],
                "url": "https://www.youtube.com/watch?v=6dAWGH0-6TY"
              },
              {
                "tags": [
                  "exploit",
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://cxsecurity.com/issue/WLB-2024010027"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0419",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T20:34:03.936761Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T20:34:35.559Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP POST Request Handler"
              ],
              "product": "httpdx",
              "vendor": "Jasper",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.5.2"
                },
                {
                  "status": "affected",
                  "version": "1.5.3"
                },
                {
                  "status": "affected",
                  "version": "1.5.4"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "fernando.mengali (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250439."
            },
            {
              "lang": "de",
              "value": "Eine problematische Schwachstelle wurde in Jasper httpdx bis 1.5.4 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente HTTP POST Request Handler. Mit der Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-11T18:31:04.097Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.250439"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.250439"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "https://www.youtube.com/watch?v=6dAWGH0-6TY"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2024010027"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-01-11T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-01-11T11:39:16.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Jasper httpdx HTTP POST Request denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-0419",
        "datePublished": "2024-01-11T18:31:04.097Z",
        "dateReserved": "2024-01-11T10:34:08.392Z",
        "dateUpdated": "2024-10-25T20:34:35.559Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-4769 (GCVE-0-2009-4769)

    Vulnerability from cvelistv5 – Published: 2010-04-20 14:00 – Updated: 2024-09-17 01:40
    VLAI
    Summary
    Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:17:25.578Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb"
              },
              {
                "name": "60181",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/60181"
              },
              {
                "name": "ADV-2009-3312",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3312"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb"
              },
              {
                "name": "60182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/60182"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-04-20T14:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb"
            },
            {
              "name": "60181",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/60181"
            },
            {
              "name": "ADV-2009-3312",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3312"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb"
            },
            {
              "name": "60182",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/60182"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-4769",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb",
                  "refsource": "MISC",
                  "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb"
                },
                {
                  "name": "60181",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/60181"
                },
                {
                  "name": "ADV-2009-3312",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3312"
                },
                {
                  "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb",
                  "refsource": "MISC",
                  "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb"
                },
                {
                  "name": "60182",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/60182"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-4769",
        "datePublished": "2010-04-20T14:00:00.000Z",
        "dateReserved": "2010-04-20T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:40:43.450Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-4770 (GCVE-0-2009-4770)

    Vulnerability from cvelistv5 – Published: 2010-04-20 14:00 – Updated: 2024-09-16 23:42
    VLAI
    Summary
    The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:17:25.259Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-04-20T14:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-4770",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb",
                  "refsource": "MISC",
                  "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-4770",
        "datePublished": "2010-04-20T14:00:00.000Z",
        "dateReserved": "2010-04-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:42:05.365Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-4531 (GCVE-0-2009-4531)

    Vulnerability from cvelistv5 – Published: 2009-12-31 19:00 – Updated: 2024-08-07 07:08
    VLAI
    Summary
    httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2009-10-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:08:38.094Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://freetexthost.com/eiyfyt0km5"
              },
              {
                "name": "58857",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/58857"
              },
              {
                "name": "httpdx-http-information-disclosure(53733)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53733"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt"
              },
              {
                "name": "37013",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37013"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://freetexthost.com/eiyfyt0km5"
            },
            {
              "name": "58857",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/58857"
            },
            {
              "name": "httpdx-http-information-disclosure(53733)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53733"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt"
            },
            {
              "name": "37013",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37013"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-4531",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://freetexthost.com/eiyfyt0km5",
                  "refsource": "MISC",
                  "url": "http://freetexthost.com/eiyfyt0km5"
                },
                {
                  "name": "58857",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/58857"
                },
                {
                  "name": "httpdx-http-information-disclosure(53733)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53733"
                },
                {
                  "name": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt"
                },
                {
                  "name": "37013",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37013"
                },
                {
                  "name": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html",
                  "refsource": "MISC",
                  "url": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-4531",
        "datePublished": "2009-12-31T19:00:00.000Z",
        "dateReserved": "2009-12-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:08:38.094Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3711 (GCVE-0-2009-3711)

    Vulnerability from cvelistv5 – Published: 2009-10-16 16:00 – Updated: 2024-08-07 06:38
    VLAI
    Summary
    Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2009/2874 vdb-entry, x_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://marc.info/?l=bugtraq&m=125544914512291&w=2 mailing-list, x_refsource_BUGTRAQ
    http://osvdb.org/58714 vdb-entry, x_refsource_OSVDB
    http://www.securityfocus.com/archive/1/507042/100… mailing-list, x_refsource_BUGTRAQ
    http://secunia.com/advisories/36991 third-party-advisory, x_refsource_SECUNIA
    http://www.pank4j.com/exploits/httpdxb0f.php x_refsource_MISC
    http://www.securityfocus.com/archive/1/507073/100… mailing-list, x_refsource_BUGTRAQ
    Date Public
    2009-10-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:38:30.351Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2009-2874",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/2874"
              },
              {
                "name": "httpdx-hhandlepeer-bo(53700)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53700"
              },
              {
                "name": "20091010 http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2"
              },
              {
                "name": "58714",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/58714"
              },
              {
                "name": "20091008 Remote buffer overflow in httpdx",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507042/100/0/threaded"
              },
              {
                "name": "36991",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36991"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.pank4j.com/exploits/httpdxb0f.php"
              },
              {
                "name": "20091009 Re: Remote buffer overflow in httpdx",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507073/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-10-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2009-2874",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2874"
            },
            {
              "name": "httpdx-hhandlepeer-bo(53700)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53700"
            },
            {
              "name": "20091010 http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2"
            },
            {
              "name": "58714",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/58714"
            },
            {
              "name": "20091008 Remote buffer overflow in httpdx",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507042/100/0/threaded"
            },
            {
              "name": "36991",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36991"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.pank4j.com/exploits/httpdxb0f.php"
            },
            {
              "name": "20091009 Re: Remote buffer overflow in httpdx",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507073/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3711",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2009-2874",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/2874"
                },
                {
                  "name": "httpdx-hhandlepeer-bo(53700)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53700"
                },
                {
                  "name": "20091010 http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2"
                },
                {
                  "name": "58714",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/58714"
                },
                {
                  "name": "20091008 Remote buffer overflow in httpdx",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/507042/100/0/threaded"
                },
                {
                  "name": "36991",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36991"
                },
                {
                  "name": "http://www.pank4j.com/exploits/httpdxb0f.php",
                  "refsource": "MISC",
                  "url": "http://www.pank4j.com/exploits/httpdxb0f.php"
                },
                {
                  "name": "20091009 Re: Remote buffer overflow in httpdx",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/507073/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3711",
        "datePublished": "2009-10-16T16:00:00.000Z",
        "dateReserved": "2009-10-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:38:30.351Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3663 (GCVE-0-2009-3663)

    Vulnerability from cvelistv5 – Published: 2009-10-11 22:00 – Updated: 2024-08-07 06:38
    VLAI
    Summary
    Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/58129 vdb-entry, x_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilities/53205 vdb-entry, x_refsource_XF
    http://www.exploit-db.com/exploits/9657 exploit, x_refsource_EXPLOIT-DB
    http://secunia.com/advisories/36734 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/2654 vdb-entry, x_refsource_VUPEN
    http://httpdx.sourceforge.net/downloads/changelog.log x_refsource_CONFIRM
    Date Public
    2009-09-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:38:30.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "58129",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/58129"
              },
              {
                "name": "httpdx-hostheader-format-string(53205)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53205"
              },
              {
                "name": "9657",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/9657"
              },
              {
                "name": "36734",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36734"
              },
              {
                "name": "ADV-2009-2654",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/2654"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://httpdx.sourceforge.net/downloads/changelog.log"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-09-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "58129",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/58129"
            },
            {
              "name": "httpdx-hostheader-format-string(53205)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53205"
            },
            {
              "name": "9657",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/9657"
            },
            {
              "name": "36734",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36734"
            },
            {
              "name": "ADV-2009-2654",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2654"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://httpdx.sourceforge.net/downloads/changelog.log"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3663",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "58129",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/58129"
                },
                {
                  "name": "httpdx-hostheader-format-string(53205)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53205"
                },
                {
                  "name": "9657",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/9657"
                },
                {
                  "name": "36734",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36734"
                },
                {
                  "name": "ADV-2009-2654",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/2654"
                },
                {
                  "name": "http://httpdx.sourceforge.net/downloads/changelog.log",
                  "refsource": "CONFIRM",
                  "url": "http://httpdx.sourceforge.net/downloads/changelog.log"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3663",
        "datePublished": "2009-10-11T22:00:00.000Z",
        "dateReserved": "2009-10-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:38:30.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0419 (GCVE-0-2024-0419)

    Vulnerability from nvd – Published: 2024-01-11 18:31 – Updated: 2024-10-25 20:34
    VLAI
    Title
    Jasper httpdx HTTP POST Request denial of service
    Summary
    A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250439.
    SSVC
    Exploitation: poc; Automatable: yes; Technical Impact: partial
    CISA Coordinator (v2.0.3)
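    CWE
    • CWE-404 (labelled "Denial of Service" in the CNA record below; the CWE entry itself is named "Improper Resource Shutdown or Release")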
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jasper httpdx Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Credits
    fernando.mengali (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:04:49.619Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.250439"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.250439"
              },
              {
                "tags": [
                  "media-coverage",
                  "x_transferred"
                ],
                "url": "https://www.youtube.com/watch?v=6dAWGH0-6TY"
              },
              {
                "tags": [
                  "exploit",
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://cxsecurity.com/issue/WLB-2024010027"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0419",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T20:34:03.936761Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T20:34:35.559Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP POST Request Handler"
              ],
              "product": "httpdx",
              "vendor": "Jasper",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.5.2"
                },
                {
                  "status": "affected",
                  "version": "1.5.3"
                },
                {
                  "status": "affected",
                  "version": "1.5.4"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "fernando.mengali (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250439."
            },
            {
              "lang": "de",
              "value": "Eine problematische Schwachstelle wurde in Jasper httpdx bis 1.5.4 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente HTTP POST Request Handler. Mit der Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-11T18:31:04.097Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.250439"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.250439"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "https://www.youtube.com/watch?v=6dAWGH0-6TY"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2024010027"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-01-11T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-01-11T11:39:16.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Jasper httpdx HTTP POST Request denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-0419",
        "datePublished": "2024-01-11T18:31:04.097Z",
        "dateReserved": "2024-01-11T10:34:08.392Z",
        "dateUpdated": "2024-10-25T20:34:35.559Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-4770 (GCVE-0-2009-4770)

    Vulnerability from nvd – Published: 2010-04-20 14:00 – Updated: 2024-09-16 23:42
    VLAI
    Summary
    The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:17:25.259Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-04-20T14:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-4770",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb",
                  "refsource": "MISC",
                  "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-4770",
        "datePublished": "2010-04-20T14:00:00.000Z",
        "dateReserved": "2010-04-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:42:05.365Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-4769 (GCVE-0-2009-4769)

    Vulnerability from nvd – Published: 2010-04-20 14:00 – Updated: 2024-09-17 01:40
    Summary
    Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:17:25.578Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb"
              },
              {
                "name": "60181",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/60181"
              },
              {
                "name": "ADV-2009-3312",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3312"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb"
              },
              {
                "name": "60182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/60182"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-04-20T14:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb"
            },
            {
              "name": "60181",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/60181"
            },
            {
              "name": "ADV-2009-3312",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3312"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb"
            },
            {
              "name": "60182",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/60182"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-4769",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb",
                  "refsource": "MISC",
                  "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb"
                },
                {
                  "name": "60181",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/60181"
                },
                {
                  "name": "ADV-2009-3312",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3312"
                },
                {
                  "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb",
                  "refsource": "MISC",
                  "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb"
                },
                {
                  "name": "60182",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/60182"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-4769",
        "datePublished": "2010-04-20T14:00:00.000Z",
        "dateReserved": "2010-04-20T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:40:43.450Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-4531 (GCVE-0-2009-4531)

    Vulnerability from nvd – Published: 2009-12-31 19:00 – Updated: 2024-08-07 07:08
    Summary
    httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2009-10-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:08:38.094Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://freetexthost.com/eiyfyt0km5"
              },
              {
                "name": "58857",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/58857"
              },
              {
                "name": "httpdx-http-information-disclosure(53733)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53733"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt"
              },
              {
                "name": "37013",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37013"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://freetexthost.com/eiyfyt0km5"
            },
            {
              "name": "58857",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/58857"
            },
            {
              "name": "httpdx-http-information-disclosure(53733)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53733"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt"
            },
            {
              "name": "37013",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37013"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-4531",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://freetexthost.com/eiyfyt0km5",
                  "refsource": "MISC",
                  "url": "http://freetexthost.com/eiyfyt0km5"
                },
                {
                  "name": "58857",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/58857"
                },
                {
                  "name": "httpdx-http-information-disclosure(53733)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53733"
                },
                {
                  "name": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt"
                },
                {
                  "name": "37013",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37013"
                },
                {
                  "name": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html",
                  "refsource": "MISC",
                  "url": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-4531",
        "datePublished": "2009-12-31T19:00:00.000Z",
        "dateReserved": "2009-12-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:08:38.094Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3711 (GCVE-0-2009-3711)

    Vulnerability from nvd – Published: 2009-10-16 16:00 – Updated: 2024-08-07 06:38
    Summary
    Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2009/2874 vdb-entry, x_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilities/53700 vdb-entry, x_refsource_XF
    http://marc.info/?l=bugtraq&m=125544914512291&w=2 mailing-list, x_refsource_BUGTRAQ
    http://osvdb.org/58714 vdb-entry, x_refsource_OSVDB
    http://www.securityfocus.com/archive/1/507042/100/0/threaded mailing-list, x_refsource_BUGTRAQ
    http://secunia.com/advisories/36991 third-party-advisory, x_refsource_SECUNIA
    http://www.pank4j.com/exploits/httpdxb0f.php x_refsource_MISC
    http://www.securityfocus.com/archive/1/507073/100/0/threaded mailing-list, x_refsource_BUGTRAQ
    Date Public
    2009-10-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:38:30.351Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2009-2874",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/2874"
              },
              {
                "name": "httpdx-hhandlepeer-bo(53700)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53700"
              },
              {
                "name": "20091010 http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2"
              },
              {
                "name": "58714",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/58714"
              },
              {
                "name": "20091008 Remote buffer overflow in httpdx",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507042/100/0/threaded"
              },
              {
                "name": "36991",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36991"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.pank4j.com/exploits/httpdxb0f.php"
              },
              {
                "name": "20091009 Re: Remote buffer overflow in httpdx",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507073/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-10-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2009-2874",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2874"
            },
            {
              "name": "httpdx-hhandlepeer-bo(53700)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53700"
            },
            {
              "name": "20091010 http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2"
            },
            {
              "name": "58714",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/58714"
            },
            {
              "name": "20091008 Remote buffer overflow in httpdx",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507042/100/0/threaded"
            },
            {
              "name": "36991",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36991"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.pank4j.com/exploits/httpdxb0f.php"
            },
            {
              "name": "20091009 Re: Remote buffer overflow in httpdx",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507073/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3711",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2009-2874",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/2874"
                },
                {
                  "name": "httpdx-hhandlepeer-bo(53700)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53700"
                },
                {
                  "name": "20091010 http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=125544914512291\u0026w=2"
                },
                {
                  "name": "58714",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/58714"
                },
                {
                  "name": "20091008 Remote buffer overflow in httpdx",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/507042/100/0/threaded"
                },
                {
                  "name": "36991",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36991"
                },
                {
                  "name": "http://www.pank4j.com/exploits/httpdxb0f.php",
                  "refsource": "MISC",
                  "url": "http://www.pank4j.com/exploits/httpdxb0f.php"
                },
                {
                  "name": "20091009 Re: Remote buffer overflow in httpdx",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/507073/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3711",
        "datePublished": "2009-10-16T16:00:00.000Z",
        "dateReserved": "2009-10-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:38:30.351Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3663 (GCVE-0-2009-3663)

    Vulnerability from nvd – Published: 2009-10-11 22:00 – Updated: 2024-08-07 06:38
    Summary
    Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/58129 vdb-entry, x_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilities/53205 vdb-entry, x_refsource_XF
    http://www.exploit-db.com/exploits/9657 exploit, x_refsource_EXPLOIT-DB
    http://secunia.com/advisories/36734 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/2654 vdb-entry, x_refsource_VUPEN
    http://httpdx.sourceforge.net/downloads/changelog.log x_refsource_CONFIRM
    Date Public
    2009-09-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:38:30.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "58129",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/58129"
              },
              {
                "name": "httpdx-hostheader-format-string(53205)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53205"
              },
              {
                "name": "9657",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/9657"
              },
              {
                "name": "36734",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36734"
              },
              {
                "name": "ADV-2009-2654",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/2654"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://httpdx.sourceforge.net/downloads/changelog.log"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-09-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "58129",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/58129"
            },
            {
              "name": "httpdx-hostheader-format-string(53205)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53205"
            },
            {
              "name": "9657",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/9657"
            },
            {
              "name": "36734",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36734"
            },
            {
              "name": "ADV-2009-2654",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2654"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://httpdx.sourceforge.net/downloads/changelog.log"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3663",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "58129",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/58129"
                },
                {
                  "name": "httpdx-hostheader-format-string(53205)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53205"
                },
                {
                  "name": "9657",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/9657"
                },
                {
                  "name": "36734",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36734"
                },
                {
                  "name": "ADV-2009-2654",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/2654"
                },
                {
                  "name": "http://httpdx.sourceforge.net/downloads/changelog.log",
                  "refsource": "CONFIRM",
                  "url": "http://httpdx.sourceforge.net/downloads/changelog.log"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3663",
        "datePublished": "2009-10-11T22:00:00.000Z",
        "dateReserved": "2009-10-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:38:30.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }