PT-2007-6348 · Unknown · Dawn Of Time
Publicado
2007-10-08
·
Atualizado
2018-10-15
·
CVE-2007-5265
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Dawn of Time versions 1.69s beta4 and earlier
Description:
The issue allows remote attackers to execute arbitrary code via format string specifiers in the
username or password fields when accessing certain restricted zones. The processWebHeader and filterWebRequest functions do not properly handle these fields.Recommendations:
For Dawn of Time versions 1.69s beta4 and earlier, as a temporary workaround, consider restricting access to the restricted zones until a patch is available. Avoid using format string specifiers in the
username and password fields. Restrict the use of the processWebHeader and filterWebRequest functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Correção
Use of Externally-Controlled Format String
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Dawn Of Time