CVE-2009-4501

Zabbix < 1.6.8 - Denial of Service via Missing Separators in Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4501. PoCs published by Nicob.

AI-analyzed exploit summary This is a vulnerability writeup detailing multiple remote vulnerabilities in Zabbix Server, including remote command execution, SQL injection, and denial-of-service (NULL dereference). It references specific faulty source code functions and patched versions.

Description

The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Nicob · textwebappsmultiple

https://www.exploit-db.com/exploits/10432

View Code ZIP pw:eip

This is a vulnerability writeup detailing multiple remote vulnerabilities in Zabbix Server, including remote command execution, SQL injection, and denial-of-service (NULL dereference). It references specific faulty source code functions and patched versions.

Classification

Writeup 90%

Attack Type

Rce | Sqli | Dos

Complexity

Moderate

Reliability

Theoretical

Target: Zabbix Server (versions 1.6.6, 1.6.7, 1.6.8, 1.8)

No auth needed

Prerequisites: Network access to Zabbix Server

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Patch mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/508436/30/60/threaded

Various Sources x_refsource_confirm

https://support.zabbix.com/browse/ZBX-1355

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37740

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/3514

Scores

EPSS 0.0853

EPSS Percentile 94.4%

Details

CWE

CWE-119

Status published

Products (10)

zabbix/zabbix 1.1.2

zabbix/zabbix 1.1.3

zabbix/zabbix 1.1.4

zabbix/zabbix 1.1.5

zabbix/zabbix 1.4.2

zabbix/zabbix 1.4.3

zabbix/zabbix 1.4.4

zabbix/zabbix 1.4.6

zabbix/zabbix 1.6.6

zabbix/zabbix < 1.6.7

Published Dec 31, 2009

Tracked Since Feb 18, 2026