CVE-2007-2506

Published: 04/05/2007 Updated: 16/10/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote malicious users to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.

Vulnerable Product

progress webspeed 3.1a

progress webspeed 3.1d

progress progress 9.1e

progress webspeed 3.0

progress webspeed 3.1e

Exploits

//source: www.securityfocus.com/bid/23778/info
//
//WebSpeed is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.
//
//Successful exploits can allow attackers to cause the application to become unresponsive, denying service to legitimate users.
if(!$ARGV[0]){
  print "ULPOW\n";
  ...