CVE-2007-2506
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.
Affected products
n/a · n/a
Public PoCs found — 1
exploitdb: www.exploit-db.com/exploits/29943 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://osvdb.org/35541
http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694
http://secunia.com/advisories/25129
http://www.ishare.nl/
http://www.securityfocus.com/archive/1/467375/100/0/threaded
http://www.securityfocus.com/archive/1/467376/100/0/threaded
http://www.securityfocus.com/bid/23778