Summary
httpdx is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow an attacker to crash an affected server or execute arbitrary code by sending a malicious command to a vulnerable server.
Impact Level: Application
Solution
Upgrade to httpdx Server version 1.5.4 or later.
For updates, refer to http://sourceforge.net/projects/httpdx/
Insight
The flaws are:
- A default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access.
- A format string error in the tolog function in the FTP server and HTTP server when processing user-supplied commands.
Affected
httpdx version 1.5 and prior
References
- http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb
- http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb
- http://www.vupen.com/english/advisories/2009/3312
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-4769, CVE-2009-4770
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C