CVE-2008-6938

CVE-2008-6938 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt.

Learn more about our Cis Benchmark Audit For Desktop Software.