Easy Address Book Web Server Format String Vulnerability

2006.09.12

Credit: Revnic Vasile

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-4654

CWE: CWE-Other

CVSS Base Score: 5.1/10

Impact Subscore: 6.4/10

Exploitability Subscore: 4.9/10

Exploit range: Remote

Attack complexity: High

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

Easy Address Book Web Server Format String Vulnerability
Software: Easy Address Book Web Server
Version: 1.2
Website: http://www.efssoft.com/
Description:
Easy Address Book Web Server is a Web Address Book software that allows users to view, search, add, edit, or administer address books easily through a Web Browser.
Vulnerability:
By sending a specially crafted HTTP request, a remote attacker can crash or compromise the server.
Denial of Service example:
http://[host]/?%25n
Credit:
Discovered by Revnic Vasile

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Easy Address Book Web Server Format String Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.