CVE-2007-5824
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function.
Affected products
n/a · n/a
Public PoCs found: 1
cve_reference: www.exploit-db.com/exploits/4600 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://bugs.gentoo.org/show_bug.cgi?id=200110
http://secunia.com/advisories/28269
http://secunia.com/advisories/30661
https://exchange.xforce.ibmcloud.com/vulnerabilities/38241
https://exchange.xforce.ibmcloud.com/vulnerabilities/38242
http://sourceforge.net/project/shownotes.php?group_id=98211&release_id=548679
https://www.exploit-db.com/exploits/4600
http://www.debian.org/security/2008/dsa-1597
http://www.gentoo.org/security/en/glsa/glsa-200712-18.xml
http://www.securityfocus.com/archive/1/483210/100/0/threaded
http://www.securityfocus.com/archive/1/483211/100/0/threaded
http://www.securityfocus.com/archive/1/483215/100/0/threaded