JWIG Template Fetching Loops Can Be Exploited By Remote Users to Deny Service

SecurityTracker Alert ID: 1018432
SecurityTracker URL: http://securitytracker.com/id?1018432
CVE Reference: CVE-2007-3816
Date: Jul 19 2007
Impact: Denial of service via network
Exploit Included: Yes
Version(s): 1.2-4, possibly other versions
Description: A vulnerability was reported in JWIG. A remote user can cause denial of service conditions.
A remote user with the ability to affect or modify external templates can cause performance degradation on the target system. This can be exploited by code loops that fetch external templates.
Aditya K Sood of SecNiche Security reported this vulnerability.
The original advisory is available at: http://www.secniche.org/papers/HackAnnotationsInJWIG.pdf
Impact: A remote user can cause denial of service conditions.
Solution: No solution was available at the time of this entry.
Vendor URL: www.bricks.dk/JWIG
Cause: State error
Underlying OS: Linux (Any), UNIX (Any)
Reported By: Aditya K Sood <zeroknock@secniche.org>
Message History: None.

Source Message Contents

Date: Sat, 21 Jul 2007 00:12:24 -0700
From: Aditya K Sood <zeroknock@secniche.org>
Subject: [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling

Advisory : JWIG Context-Dependent Template Calling DoS
CVE-2007-3816
Dated : 12 July 2007
Vulnerable Software : BRICS, JWIG
Severity : Intermediate
Explanation:
JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates. For more details: http://www.secniche.org/papers/HackAnnotationsInJWIG.pdf
Links:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3816
http://nvd.nist.gov/cpe.cfm?cvename=CVE-2007-3816
Regards
Aditya K Sood
SecNiche Security