PT-2009-2407 · Pi3 · Pi3Web

Hamid Ebadi

Published

2009-08-11

Updated

2017-09-29

CVE-2008-6938

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: Pi3Web versions 2.0.3 before PL2

Description: The issue allows remote attackers to cause a denial of service, resulting in a crash or hang, and obtain the full pathname of the server. This is achieved by sending a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails.

Recommendations: For Pi3Web version 2.0.3 before PL2, apply the PL2 patch to resolve the issue.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-6938

Affected Products

Pi3Web

PT-2009-2407 · Pi3 · Pi3Web

CVE-2008-6938

Weakness Enumeration

Related Identifiers

Affected Products

References · 15