CVSTrac Remote Denial of Service Vulnerability
BID:22296
Info
CVSTrac Remote Denial of Service Vulnerability
| Bugtraq ID: | 22296 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-0347 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 29 2007 12:00AM |
| Updated: | Jan 29 2007 11:30PM |
| Credit: | Ralf S. Engelschall <[email protected]> from OpenPKG discovered this issue. |
| Vulnerable: |
OpenPKG OpenPKG E1.0-Solid CVSTrac CVSTrac 2.0 |
| Not Vulnerable: |
CVSTrac CVSTrac 2.0.1 |
Discussion
CVSTrac Remote Denial of Service Vulnerability
CVSTrac is prone to a remote denial-of-service vulnerability because it fails to propely sanitize input.
Successfully exploiting this issue allows remote attackers to corrupt the application's database, resulting in a denial-of-service condition, causing further requests from legitimate users to fail.
CVSTrac is prone to a remote denial-of-service vulnerability because it fails to propely sanitize input.
Successfully exploiting this issue allows remote attackers to corrupt the application's database, resulting in a denial-of-service condition, causing further requests from legitimate users to fail.
Exploit / POC
CVSTrac Remote Denial of Service Vulnerability
Attackers use standard browsers to exploit this issue.
Attackers use standard browsers to exploit this issue.
Solution / Fix
CVSTrac Remote Denial of Service Vulnerability
Solution:
The vendor released CVSTrac version 2.0.1 to address this issue.
Please see the referenced advisories for more information.
Solution:
The vendor released CVSTrac version 2.0.1 to address this issue.
Please see the referenced advisories for more information.
References
CVSTrac Remote Denial of Service Vulnerability
References:
References:
- Product Home Page (CVSTrac)
- Ticket 683: Denial of service in CVSTrac 2.0.0 (CVSTrac)
- CVSTrac 2.0.0 Denial of Service (DoS) vulnerability ("Ralf S. Engelschall"