CVE-2024-10599

Tongda OA 2017 package_static_resources.php resource consumption

CVSS 6.9 MEDIUMEPSS 0.9%CWE-400

In short

Tongda OA 2017 has a flaw in a file that processes package resources, allowing attackers to consume excessive server resources remotely. This can slow down or crash the application, affecting availability for legitimate users.

Technical detail

CWE-400 resource exhaustion vulnerability in /inc/package_static_resources.php allows unauthenticated remote attackers to trigger uncontrolled resource consumption through malicious requests, impacting system availability. The vulnerability affects Tongda OA 2017 up to version 11.7.

Summary generated and translated by AI from the official description.

A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected products

Tongda · OA 2017

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/LvZCh/td/issues/2 https://vuldb.com/?ctiid.282611 https://vuldb.com/?id.282611 https://vuldb.com/?submit.433496