← back
CVE-2007-3009

CVE-2007-3009

EPSS 2.2%
Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/30187unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/25641http://www.appwebserver.org/forum/viewtopic.php?t=969http://www.osvdb.org/35510http://www.securityfocus.com/bid/24454http://www.vupen.com/english/advisories/2007/2159