PT-2004-1409 · Xlight · Xlight

Intuit

Published

2004-03-18

Updated

2017-07-11

CVE-2004-0255

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Xlight version 1.52

Description The issue allows remote attackers to cause a denial of service by requesting a long directory consisting of . (dot) and / (slash) characters. This causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow.

Recommendations For Xlight version 1.52, consider disabling the log to screen feature as a temporary workaround to minimize the risk of exploitation. Restrict access to the log file to prevent administrators from viewing it until a fix is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0255

Affected Products

Xlight

PT-2004-1409 · Xlight · Xlight

CVE-2004-0255

Related Identifiers

Affected Products

References · 5