PT-2010-3857 · Accoria · Accoria Web Server
Ilja Van Sprundel · Published 2010-06-14 · Updated 2010-06-16 · CVE-2010-2271
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Accoria Web Server (aka Rock Web Server) version 1.4.7
Description
The issue is a format string vulnerability in the authcfg.cgi component. Remote attackers can exploit it through format string specifiers in the path parameter, also referred to as the Password File parameter.
Recommendations
For Accoria Web Server (aka Rock Web Server) version 1.4.7, consider restricting access to the authcfg.cgi component until a patch is available. Avoid using format string specifiers in the path parameter to minimize the risk of exploitation.
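One way to review web server access logs for requests that match the description above: this is an added example, not code from the advisory or from Accoria. It assumes the path parameter appears in the query string of a combined-format log entry; the /cgi-bin/ location, the addresses and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# printf-style conversion: % [n$] [flags] [width] [.precision] [length] conversion
FMT_SPEC = re.compile(
    r"%(?:\d+\$)?[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|L|j|z|t)?[diouxXeEfgGcspn]"
)
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_path_values(log_line):
    """Return decoded `path` values that contain a format specifier,
    but only for requests addressed to authcfg.cgi."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/authcfg.cgi"):
        return []
    # parse_qs percent-decodes once, so the check runs on the value after
    # one round of URL decoding (%25 becomes a literal %).
    values = parse_qs(url.query, keep_blank_values=True).get("path", [])
    return [v for v in values if FMT_SPEC.search(v)]


def scan(lines):
    """Return (line_number, values) for every log line worth reviewing."""
    hits = []
    for number, line in enumerate(lines, start=1):
        values = suspicious_path_values(line)
        if values:
            hits.append((number, values))
    return hits


# Constructed sample entries; the /cgi-bin/ location and addresses are made up.
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Jun/2010:10:00:00 +0000] "GET /cgi-bin/authcfg.cgi?path=%2Fetc%2Fhtpasswd HTTP/1.0" 200 512',
    '203.0.113.9 - - [14/Jun/2010:10:02:11 +0000] "GET /cgi-bin/authcfg.cgi?path=%2508x.%2508x HTTP/1.0" 200 512',
    '203.0.113.9 - - [14/Jun/2010:10:02:15 +0000] "GET /cgi-bin/other.cgi?path=%2508x HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: path={values!r}")
```

Parameters sent in a POST body do not appear in access logs, so this check only covers requests whose query string is logged.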
Weakness Enumeration
Use of Externally-Controlled Format String
Affected Products
Accoria Web Server