CVE-2009-4769

CVE-2009-4769 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.

Learn more about our Cis Benchmark Audit For Server Software.