Lucene search

[email protected]CVE-2008-7249

HistoryDec 30, 2009 - 10:30 p.m.

CVE-2008-7249

2009-12-3022:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-7249

buffer overflow

squid analysis report generator

sarg

remote code execution

http request

nvd

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.034 Low

EPSS

Percentile

91.5%

JSON

Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167.

CPENameOperatorVersion
pedro_lineu_orso:sargpedro lineu orso sargeq2.2.4

CPE	Name	Operator	Version
pedro_lineu_orso:sarg	pedro lineu orso sarg	eq	2.2.4

References

sourceforge.net/project/shownotes.php?release_id=581212

www.securityfocus.com/archive/1/489018/100/0/threaded

www.vupen.com/english/advisories/2008/0749

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.034 Low

EPSS

Percentile

91.5%

JSON

Related for CVE-2008-7249

debiancve2 prion2 ubuntucve2 nessus3 cve1 securityvulns2 openvas4 gentoo1