Vulnerability Details : CVE-2010-2271
Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2010-2271
Probability of exploitation activity in the next 30 days: 0.37%
Percentile, the proportion of vulnerabilities that are scored at or less: ~72%
CVSS scores for CVE-2010-2271
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2010-2271
- The product uses a function that accepts a format string as an argument, but the format string originates from an external source. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2271
- http://www.kb.cert.org/vuls/id/245081
  VU#245081 - Accoria Rock Web Server contains multiple vulnerabilities (US Government Resource)
- http://www.ioactive.com/pdfs/AccoriaWebServer.pdf
  Page not found | IOActive (Exploit)
Products affected by CVE-2010-2271
- cpe:2.3:a:accoria:rock_web_server:1.4.7:*:*:*:*:*:*:*