PT-2005-3973 · Alibaba · Weex

Ulf Harnhammar · Published 2005-10-05 · Updated 2008-09-05 · CVE-2005-3150

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Weex versions 2.6.1 through 2.6.1.5

Description

The issue allows remote FTP servers to execute arbitrary code via format strings in filenames. This is due to a format string vulnerability in the Log Flush function.

Recommendations

For versions 2.6.1 through 2.6.1.5, consider disabling the Log Flush function until a patch is available to prevent remote code execution.

Fix


Related Identifiers

CVE-2005-3150
DSA-855-1

Affected Products

Weex