CVE-2008-6519

Imatix Xitami - Format String Vulnerability

Title source: rule

Description

Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.

Exploits (1)

exploitdb WORKING POC VERIFIED
by bratax · cdoswindows
https://www.exploit-db.com/exploits/5354

References (4)

Scores

EPSS 0.0947
EPSS Percentile 92.8%

Details

CWE
CWE-134
Status published
Products (5)
imatix/xitami 2.2a
imatix/xitami 2.4
imatix/xitami 2.4d7 (2 CPE variants)
imatix/xitami 2.5
imatix/xitami 2.5c2
Published Mar 25, 2009
Tracked Since Feb 18, 2026