Lucene search

[email protected]CVE-2009-3709

HistoryOct 16, 2009 - 4:30 p.m.

CVE-2009-3709

2009-10-1616:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-3709

meta content optimizer

konae technologies alleycode

html editor

buffer overflow

remote code execution

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON

Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag.

Affected configurations

NVD

Node

konaealleycode_html_editorMatch2.21

CPENameOperatorVersion
konae:alleycode_html_editorkonae alleycode html editoreq2.21

CPE	Name	Operator	Version
konae:alleycode_html_editor	konae alleycode html editor	eq	2.21

References

osvdb.org/58649

packetstormsecurity.org/0910-exploits/alleycode-overflow.txt

secunia.com/advisories/36940

www.securityfocus.com/archive/1/506987/100/0/threaded

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON

Related for CVE-2009-3709

nvd1 prion1 cvelist1 openvas2