CVE-2009-4769 Information

Feb 14, 2021 cve

Description

Multiple format string vulnerabilities in the tolog function in httpdx 1.4 1.4.5 1.4.6 1.4.6b and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.

Reference

http://osvdb.org/60181 http://osvdb.org/60182 http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb http://www.vupen.com/english/advisories/2009/3312

Share on: