QwikSec

Security Database

CVE

CWE

Training

CVE-2007-2506

Published: May 4, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://www.ishare.nl/

x_refsource_MISC

20070502 response Progress: Denial of Service attack against WebSpeed possible

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_OSVDB

20070501 Disable website access for sites running Webspeed

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.