Vulnerability Details : CVE-2007-5067
Public exploit exists!
Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modified-Since header to (1) xigui32.exe or (2) xitami.exe.
Vulnerability category: Execute code
Products affected by CVE-2007-5067
- cpe:2.3:a:imatix:xitami:2.5_c2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-5067
83.26%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2007-5067
-
Xitami 2.5c2 Web Server If-Modified-Since Overflow
Disclosure Date: 2007-09-24First seen: 2020-04-26exploit/windows/http/xitami_if_mod_sinceThis module exploits a stack buffer overflow in the iMatix Corporation Xitami Web Server. If a malicious user sends an If-Modified-Since header containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module us
CVSS scores for CVE-2007-5067
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2007-5067
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5067
-
https://www.exploit-db.com/exploits/4450
Xitami Web Server 2.5 - 'If-Modified-Since' Remote Buffer Overflow - Windows remote Exploit
-
http://www.securityfocus.com/bid/25772
iMatix Xitami If-Modified-Since Remote Buffer Overflow VulnerabilityExploit
-
http://www.vupen.com/english/advisories/2007/3258
-
http://secunia.com/advisories/26884
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/36756
Jump to