Vulnerability Details : CVE-2009-4769
Public exploit exists!
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2009-4769
Probability of exploitation activity in the next 30 days: 82.44%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2009-4769
-
HTTPDX tolog() Function Format String Vulnerability
Disclosure Date: 2009-11-17First seen: 2020-04-26exploit/windows/http/httpdx_tolog_formatThis module exploits a format string vulnerability in HTTPDX HTTP server. By sending a specially crafted HTTP request containing format specifiers, an attacker can corrupt memory and execute arbitrary code. By default logging is off for HTTP, but enabled for the ' -
HTTPDX tolog() Function Format String Vulnerability
Disclosure Date: 2009-11-17First seen: 2020-04-26exploit/windows/ftp/httpdx_tolog_formatThis module exploits a format string vulnerability in HTTPDX FTP server. By sending a specially crafted FTP command containing format specifiers, an attacker can corrupt memory and execute arbitrary code. By default logging is off for HTTP, but enabled for the 'mo
CVSS scores for CVE-2009-4769
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2009-4769
-
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-4769
-
http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb
Exploit
-
http://www.vupen.com/english/advisories/2009/3312
Vendor Advisory
-
http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb
Exploit
Products affected by CVE-2009-4769
- cpe:2.3:a:jasper:httpdx:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:jasper:httpdx:1.4.6b:*:*:*:*:*:*:*
- cpe:2.3:a:jasper:httpdx:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:jasper:httpdx:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:jasper:httpdx:1.5:*:*:*:*:*:*:*