CVE-2009-3663

Jasper Httpdx - Format String Vulnerability

Title source: rule

Description

Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Pankaj Kohli · perldoswindows

https://www.exploit-db.com/exploits/9657

View Code ZIP pw:eip

References (6)

[Product] http://httpdx.sourceforge.net/downloads/changelog.log

[Vendor Advisory] http://secunia.com/advisories/36734

[Patch, Vendor Advisory] http://www.vupen.com/english/advisories/2009/2654

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/53205

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/9657

[Third Party Advisory, VDB Entry] http://osvdb.org/58129

Scores

EPSS 0.1766

EPSS Percentile 95.1%

Details

CWE

CWE-134

Status published

Products (1)

jasper/httpdx 1.4

Published Oct 11, 2009

Tracked Since Feb 18, 2026