CVE-2009-4769

httpdx <1.5 - RCE

Title source: llm

Description

Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16794

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16732

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/httpdx_tolog_format.rb

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/httpdx_tolog_format.rb

View Code ZIP pw:eip

References (5)

[Exploit] http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb

[Third Party Advisory, VDB Entry] http://osvdb.org/60181

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/3312

[Exploit] http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb

[Third Party Advisory, VDB Entry] http://osvdb.org/60182

Scores

EPSS 0.6214

EPSS Percentile 98.4%

Details

CWE

CWE-134

Status published

Products (5)

jasper/httpdx 1.4

jasper/httpdx 1.4.5

jasper/httpdx 1.4.6

jasper/httpdx 1.4.6b

jasper/httpdx 1.5

Published Apr 20, 2010

Tracked Since Feb 18, 2026