MidnightBSD

Advisories for jasper

CVE-2009-3711 HIGH

Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
jasper httpdx 1.4
jasper httpdx 1.4.3
CVE-2009-4531 MEDIUM

httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
jasper httpdx *
jasper httpdx 1.4
jasper httpdx 1.4.3
CVE-2009-4769 HIGH

Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
jasper httpdx 1.5
jasper httpdx 1.4.6
jasper httpdx 1.4.5
jasper httpdx 1.4.6b
jasper httpdx 1.4
CVE-2009-4770 HIGH

The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
jasper httpdx 1.5
jasper httpdx 1.4.6
jasper httpdx 1.4.5
jasper httpdx 1.4.6b
jasper httpdx 1.4