exploitDog

CVE-2007-2506

Опубликовано: 04 мая 2007

Источник: nvd

CVSS2: 7.8

EPSS Низкий

Описание

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:progress:progress:9.1e:*:*:*:*:*:*:*

cpe:2.3:a:progress:webspeed:3.0:*:*:*:*:*:*:*

cpe:2.3:a:progress:webspeed:3.1a:*:*:*:*:*:*:*

cpe:2.3:a:progress:webspeed:3.1d:*:*:*:*:*:*:*

cpe:2.3:a:progress:webspeed:3.1e:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01352

Низкий

7.8 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-c36r-h4vm-4w2p

github

почти 4 года назад

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.

EPSS

Процентиль: 80%

0.01352

Низкий

7.8 High

CVSS2

Дефекты

NVD-CWE-Other