CVE-2008-6520
Xitami Web Server 2.5c2 - Remote Code Execution via SSI Filter Format String
Title source: llmDescription
Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
References (3)
Core 3
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28603
Exploit x_refsource_misc
http://www.bratax.be/advisories/b013.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41645
Scores
EPSS
0.0485
EPSS Percentile
90.9%
Details
CWE
CWE-134
Status
published
Products (1)
imatix/xitami
2.5c2
Published
Mar 25, 2009
Tracked Since
Feb 18, 2026