CVE ID: CVE-2007-5824
Vulnerable software (CPE): cpe:/a:firefly:media_server:0.2.4
Published: 2007-11-05T14:46:00.000-05:00
Last modified: 2017-09-28T21:29:43.220-04:00

CVSS score: 7.1
  Access vector: NETWORK
  Access complexity: MEDIUM
  Authentication: NONE
  Confidentiality impact: NONE
  Integrity impact: NONE
  Availability impact: COMPLETE
  Source: http://nvd.nist.gov
  Generated on: 2007-11-06T22:13:00.000-05:00

References:
  BUGTRAQ 20071102 Re: [UPH-07-01] Firefly Media Server DoS
  BUGTRAQ 20071102 [UPH-07-01] Firefly Media Server DoS
  BUGTRAQ 20071102 [UPH-07-02] Firefly Media Server DoS
  BID 26309
  SECUNIA 28269
  SECUNIA 30661
  EXPLOIT-DB 4600
  DEBIAN DSA-1597
  GENTOO GLSA-200712-18
  XF firefly-decodepassword-dos(38242)
  XF firefly-getheaders-dos(38241)
  MISC http://bugs.gentoo.org/show_bug.cgi?id=200110
  CONFIRM http://sourceforge.net/project/shownotes.php?group_id=98211&release_id=548679

Summary:
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function.