Back to search
CVE-2007-5824
Published: Nov 5, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
firefly-decodepassword-dos(38242)
vdb-entry
x_refsource_XF
DSA-1597
vendor-advisory
x_refsource_DEBIAN
20071102 [UPH-07-02] Firefly Media Server DoS
mailing-list
x_refsource_BUGTRAQ
26309
vdb-entry
x_refsource_BID
20071102 Re: [UPH-07-01] Firefly Media Server DoS
mailing-list
x_refsource_BUGTRAQ
firefly-getheaders-dos(38241)
vdb-entry
x_refsource_XF
28269
third-party-advisory
x_refsource_SECUNIA
4600
exploit
x_refsource_EXPLOIT-DB
20071102 [UPH-07-01] Firefly Media Server DoS
mailing-list
x_refsource_BUGTRAQ
http://bugs.gentoo.org/show_bug.cgi?id=200110
x_refsource_MISC
30661
third-party-advisory
x_refsource_SECUNIA
GLSA-200712-18
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now