CVE-2007-2506

Severity

78%

Complexity

99%

Confidentiality

115%

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.

CVSS 2.0 Base Score 7.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C).

Overview

Type

Progress Software Corp WebSpeed

First reported 17 years ago

2007-05-04 01:19:00

Last updated 6 years ago

2018-10-16 16:44:00

Affected Software

Progress Software Corp WebSpeed 3.0

3.0

Progress Software Corp WebSpeed 3.1a

3.1a

Progress Software Corp WebSpeed 3.1d

3.1d

Progress Software Corp WebSpeed 3.1e

3.1e

References

35541

http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694

25129

Vendor Advisory

http://www.ishare.nl/

20070501 Disable website access for sites running Webspeed

20070502 response Progress: Denial of Service attack against WebSpeed possible

23778

Exploit, Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.