Back to search
CVE-2008-6938
Published: Aug 11, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20081201 Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
mailing-list
x_refsource_BUGTRAQ
49999
vdb-entry
x_refsource_OSVDB
32287
vdb-entry
x_refsource_BID
20081122 Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
mailing-list
x_refsource_BUGTRAQ
20081130 Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
mailing-list
x_refsource_BUGTRAQ
20081124 Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
mailing-list
x_refsource_BUGTRAQ
20081122 Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
mailing-list
x_refsource_BUGTRAQ
32696
third-party-advisory
x_refsource_SECUNIA
pi3web-isapi-dos(46600)
vdb-entry
x_refsource_XF
49998
vdb-entry
x_refsource_OSVDB
20081203 Re: Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
mailing-list
x_refsource_BUGTRAQ
7109
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now