BID:38967

WeBAM Denial of Service Vulnerability and CAPTCHA Bypass Vulnerability

Info

WeBAM Denial of Service Vulnerability and CAPTCHA Bypass Vulnerability

Bugtraq ID:	38967
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Mar 25 2010 12:00AM
Updated:	Apr 01 2010 07:52AM
Credit:	MustLive
Vulnerable:	NoCMS Mangos 0 NoCMS Ascent 0 MiniManager MiniManager for Project MANGOS 0.15 Assembla WeBAM 1.1 ArcManager ArcManager 0

Not Vulnerable:

Discussion

WeBAM Denial of Service Vulnerability and CAPTCHA Bypass Vulnerability

WeBAM is prone to a denial-of-service vulnerability and a CAPTCHA-bypass vulnerability.

Attackers can leverage these issues to cause the affected server to stop responding or to bypass certain security mechanisms.

Exploit / POC

WeBAM Denial of Service Vulnerability and CAPTCHA Bypass Vulnerability

Attackers can use a browser to exploit these issues.

The following example URI is available:

http://www.example.com/captcha/CaptchaSecurityImages.php?width=1000&height=9000

Solution / Fix

WeBAM Denial of Service Vulnerability and CAPTCHA Bypass Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

WeBAM Denial of Service Vulnerability and CAPTCHA Bypass Vulnerability

References:

??????????? ? ArcManager (MustLive)
??????????? ? MiniManager for Project MANGOS (MustLive)
Vulnerabilities in NoCMS (MustLive)
Webam Homepage (Assembla)
Vulnerabilities in WeBAM ('MustLive' )