CVE-2008-6938

Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapiusers.txt.
Configurations

Configuration 1

cpe:2.3:a:holger_zimmermann:pi3web:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:holger_zimmermann:pi3web:2.0:*:*:*:*:*:*:*
cpe:2.3:a:holger_zimmermann:pi3web:2.0.2_beta_1:*:*:*:*:*:*:*
cpe:2.3:a:holger_zimmermann:pi3web:*:*:*:*:*:*:*:*
cpe:2.3:a:holger_zimmermann:pi3web:2.0.1:*:*:*:*:*:*:*

Information

Published : 2009-08-11 09:00

Updated : 2017-09-29 01:33


NVD link : CVE-2008-6938

Mitre link : CVE-2008-6938

Products Affected
CWE