CVE-2009-3663
Published 2009-10-11
Priority P354 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 14.63% · 96.2th percentile
Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jasper | httpdx | — | — |
CVSS provenance
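| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | | 5.0 | MEDIUM | |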
GHSA
GHSA-gj4q-m5q3-4wfq: Format string vulnerability in the h_readrequest function in http
ghsa_unreviewed·2022-05-02
CVE-2009-3663 [HIGH] CWE-134 GHSA-gj4q-m5q3-4wfq: Format string vulnerability in the h_readrequest function in http
Red Hat
squirrelmail: session management flaw
vendor_redhat·2009-01-15·CVSS 5.0
CVE-2009-0030 [MEDIUM] squirrelmail: session management flaw
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.
No detection rules found.
http://httpdx.sourceforge.net/downloads/changelog.log
http://osvdb.org/58129
http://secunia.com/advisories/36734
http://www.exploit-db.com/exploits/9657
http://www.vupen.com/english/advisories/2009/2654
https://exchange.xforce.ibmcloud.com/vulnerabilities/53205