cpe:/a:holger_zimmermann:pi3web:1.0.1 cpe:/a:holger_zimmermann:pi3web:2.0 cpe:/a:holger_zimmermann:pi3web:2.0.1 cpe:/a:holger_zimmermann:pi3web:2.0.2_beta_1 cpe:/a:holger_zimmermann:pi3web:2.0.3_pl1 CVE-2008-6938 2009-08-11T17:00:00.610-04:00 2017-09-28T21:33:25.950-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-08-12T08:21:00.000-04:00 BUGTRAQ 20081122 Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability BUGTRAQ 20081122 Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability BUGTRAQ 20081124 Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability BUGTRAQ 20081130 Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability BUGTRAQ 20081201 Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability BUGTRAQ 20081203 Re: Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability BID 32287 SECUNIA 32696 OSVDB 49998 OSVDB 49999 EXPLOIT-DB 7109 XF pi3web-isapi-dos(46600) Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt.