| Release Date | Jan 21, 2010 |
| Severity | High |
| Impact | System compromise or denial of service |
| Description | This indicates a possible attack against a format-string vulnerability in the HTTP service of HTTPDX HTTP server.
This vulnerability is due to the software's inability to properly handle specially crafted HTTP requests containing format specifiers. A remote attacker may exploit this to cause memory corruption or arbitrary code execution. |
| Affected Products | HTTPDX server 1.5 and prior versions |
| Recommended Actions | Currently we are not aware of any officially supplied patch for this issue. |
| Reference/s | http://www.vupen.com/english/advisories/2009/3312
|