CVE-2010-2271

Published: Jun 15, 2010Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter.

Affected (1)

Products: Accoria: Rock Web Server

Accoria

1 product

Rock Web Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Accoria Rock Web Server	Version 1.4.7

Related CWEs

CWE-134

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (4)

http://www.ioactive.com/pdfs/AccoriaWebServer.pdf

Source: cve@mitre.org

Exploit

http://www.kb.cert.org/vuls/id/245081

Source: cve@mitre.org

US Government Resource

http://www.ioactive.com/pdfs/AccoriaWebServer.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.kb.cert.org/vuls/id/245081

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.