CVE-2008-6519

Name of the Vulnerable Software and Affected Versions Xitami Web Server versions 2.2a through 2.5c2

Description The issue allows remote attackers to cause a denial of service, potentially leading to a daemon crash, and may also enable the execution of arbitrary code. This is achieved through format string specifiers in a Long Running Web Process (LRWP) request. The vulnerability triggers incorrect logging code involving the sendfmt function in the SMT kernel.

Recommendations For Xitami Web Server versions 2.2a through 2.5c2, consider disabling the Long Running Web Process (LRWP) request functionality until a patch is available to prevent potential exploitation. Additionally, restrict access to the SMT kernel's logging functionality to minimize the risk of incorrect logging code being triggered.