Bug: Easy Address Book Web Server Format String Vulnerability ( Ascii Version )

Published: 2006.09.12
Credit: Revnic Vasile
Risk: Low
CWE: N/A
CVE: CVE-2006-4654
Local: No
Remote: Yes

CVSS Base Score: 5.1/10
Impact Subscore: 6.4/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Easy Address Book Web Server Format String Vulnerability

Software: Easy Address Book Web Server

Version: 1.2

Website: http://www.efssoft.com/

Description:

Easy Address Book Web Server is a Web Address Book software that allows users to view, search, add, edit, or administer
address books easily through a Web Browser.

Vulnerability:

By sending a specially crafted HTTP request, a remote attacker can crash or compromise the server.

Denial of Service example:

http://[host]/?%25n
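
A detection sketch for the request above, added here as an example and not part of the original advisory or the vendor's code. It percent-decodes each logged request target (so `%25n` becomes `%n`) and flags printf conversion directives. It assumes request lines are available in Common Log Format, for example from a proxy in front of the server; the sample lines and the names `classify_target` and `scan` are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Sep/2006:10:00:01 +0000] "GET /?%25n HTTP/1.1" 200 0',
    '192.0.2.11 - - [12/Sep/2006:10:00:02 +0000] "GET /?q=john%20smith HTTP/1.1" 200 512',
    '192.0.2.12 - - [12/Sep/2006:10:00:03 +0000] "GET /?q=100%25discount HTTP/1.1" 200 512',
    'malformed line without a request',
]

REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
# printf conversion: flags, width, precision, length modifier, conversion character.
CONVERSION = re.compile(
    r"%[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|j|z|t|L)?([diouxXeEfgGaAcspn])"
)

def classify_target(target):
    """Return 'high', 'low' or None for one raw request target."""
    # Decode once, as an HTTP server does: %25 becomes a literal '%'.
    decoded = unquote(target)
    found = CONVERSION.findall(decoded)
    if not found:
        return None
    # %n makes printf store a count through a pointer argument: high severity.
    # Other matches stay 'low': "100%discount" contains a stray "%d".
    return "high" if "n" in found else "low"

def scan(lines):
    """Return (client, target, severity) for each line with a directive."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # skip lines that are not request records
        severity = classify_target(m.group(2))
        if severity:
            hits.append((m.group(1), m.group(2), severity))
    return hits

if __name__ == "__main__":
    for client, target, severity in scan(SAMPLE_LOG):
        print(f"{severity:4} {client} {target}")
```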

Credit:

Discovered by Revnic Vasile

Copyright 2014, cxsecurity.com