Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2008-6938
Last Modified 18 Aug 2009 12:00:00
Published 11 Aug 2009 05:00:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6938

Summary

Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt.

Vulnerable Systems

Application

  • Holger Zimmermann Pi3web 1.0.1

  • Holger Zimmermann Pi3web 2.0

  • Holger Zimmermann Pi3web 2.0.1

  • Holger Zimmermann Pi3web 2.0.2 Beta 1

  • Holger Zimmermann Pi3web 2.0.3 Pl1


References

XF - pi3web-isapi-dos(46600)

BID - 32287

BUGTRAQ - 20081203 Re: Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability

BUGTRAQ - 20081201 Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability

BUGTRAQ - 20081130 Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability

BUGTRAQ - 20081124 Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability

BUGTRAQ - 20081122 Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability

OSVDB - 49999

OSVDB - 49998

MILW0RM - 7109

SECUNIA - 32696

BUGTRAQ - 20081122 Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability


Last Updated: 27 May 2016 10:49:24