CVE-2007-3009
Mbedthis AppWeb 2.0.5-4 - Denial of Service via Format String in HTTP Scheme
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-3009. PoCs published by Nir Rachmel.
AI-analyzed exploit summary The provided text describes a format-string vulnerability in Mbedthis AppWeb, where unsanitized user input is passed to a formatted-printing function. The exploit requires logging to be enabled and no 'ErrorLog' directive in the configuration, potentially leading to remote code execution or denial of service.
Description
Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.
Exploits (1)
The provided text describes a format-string vulnerability in Mbedthis AppWeb, where unsanitized user input is passed to a formatted-printing function. The exploit requires logging to be enabled and no 'ErrorLog' directive in the configuration, potentially leading to remote code execution or denial of service.