WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote malicious users to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
progress webspeed 3.1a |
||
progress webspeed 3.1d |
||
progress progress 9.1e |
||
progress webspeed 3.0 |
||
progress webspeed 3.1e |