PT-2007-6170 · Imatix · Imatix Xitami Web Server
H07
+1
Published: 2007-09-24 · Updated: 2017-09-29 · CVE-2007-5067
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
iMatix Xitami Web Server version 2.5c2
Description
Multiple buffer overflows allow remote attackers to execute arbitrary code by sending a long If-Modified-Since header to either xigui32.exe or xitami.exe.
Recommendations
For iMatix Xitami Web Server version 2.5c2, consider updating to a newer version that addresses these buffer overflows or, as a temporary workaround, restrict access to xigui32.exe and xitami.exe to minimize the risk of exploitation.
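Where access cannot be fully restricted, a filtering layer in front of the server can screen the header named in the description. The following is an added example, not part of the original advisory or of any iMatix code: it checks each If-Modified-Since value against the three HTTP-date forms of RFC 7231 and a length cap. The 64-byte cap, the function name and the sample requests are assumptions made for illustration.

```python
import re

# Assumption (not from the advisory): no legitimate HTTP-date needs more than
# 64 bytes; the longest RFC 7231 form (RFC 850 style) is 33 characters.
MAX_IMS_LEN = 64

_DAY = r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)"
_LONG_DAY = r"(?:Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday)"
_MON = r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
_TIME = r"\d{2}:\d{2}:\d{2}"

HTTP_DATE = re.compile(
    rf"(?:{_DAY}, \d{{2}} {_MON} \d{{4}} {_TIME} GMT"      # IMF-fixdate
    rf"|{_LONG_DAY}, \d{{2}}-{_MON}-\d{{2}} {_TIME} GMT"   # obsolete RFC 850 form
    rf"|{_DAY} {_MON} [ \d]\d {_TIME} \d{{4}})"            # obsolete asctime form
)


def check_if_modified_since(raw_request: bytes) -> list[str]:
    """Return one finding per suspicious If-Modified-Since header in a request head."""
    findings = []
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if not sep or name.strip().lower() != b"if-modified-since":
            continue
        value = value.strip()
        if len(value) > MAX_IMS_LEN:
            # Length is checked first so oversized input never reaches the regex.
            findings.append(f"oversized value ({len(value)} bytes)")
        elif not HTTP_DATE.fullmatch(value.decode("latin-1")):
            findings.append("value is not an HTTP-date")
    return findings


# Constructed sample requests (not captured traffic); the host name is a placeholder.
BENIGN = (b"GET /index.htm HTTP/1.0\r\nHost: legacy.example\r\n"
          b"If-Modified-Since: Mon, 24 Sep 2007 10:00:00 GMT\r\n\r\n")
OVERSIZED = (b"GET /index.htm HTTP/1.0\r\nHost: legacy.example\r\n"
             b"If-Modified-Since: " + b"x" * 500 + b"\r\n\r\n")
MALFORMED = b"GET / HTTP/1.0\r\nif-modified-since: yesterday\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("oversized", OVERSIZED),
                       ("malformed", MALFORMED)):
        print(label, check_if_modified_since(req) or "ok")
```

A request with any finding should be rejected before it is forwarded to xitami.exe or xigui32.exe.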
Exploit
Fix
RCE
Buffer Overflow
Affected Products
Imatix Xitami Web Server