Mbedthis AppWeb URL Protocol Format String Vulnerability
TITLE: Mbedthis AppWeb URL Protocol Format String Vulnerability
CLASS: Input Validation Error
CVE: CVE-2007-3009
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 12 2007 12:00AM
UPDATE: Jun 13 2007 06:49PM
CREDIT: Nir Rachmel is credited with discovering this issue.
VULNERABLE:
Mbedthis AppWeb 2.2.2NOT VULNERABLE:
Vai alla pagina originale su Security Focus
Discussion
Mbedthis AppWeb is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
This issue affects only applications that were built with logging enabled and installed with no "ErrorLog" directive in 'appweb.conf'.
Successful exploits may allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely crash the application, denying further service to legitimate users.
AppWeb 2.2.2 is reported vulnerable; other versions may also be affected.
Exploit
An attacker may exploit this issue through a browser.
The following example request is available:
'GET %n://localhost:80/" request'
Solution
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.
References
References:
- Support for the AppWeb HTTP Server (appwebserver forum)
- Mbedthis AppWeb Homepage (Mbedthis AppWeb)