HoloCMS Denial of Service Vulnerability and CAPTCHA Bypass Vulnerability
| Bugtraq ID: | 39188 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 05 2010 12:00AM |
| Updated: | Apr 05 2010 12:00AM |
| Credit: | MustLive |
| Vulnerable: | HoloCMS HoloCMS 1.3.1; HoloCMS HoloCMS 3.1 |
| Not Vulnerable: | |
Discussion
HoloCMS is prone to a denial-of-service vulnerability and a CAPTCHA-bypass vulnerability.
Attackers can leverage these issues to cause the affected server to stop responding or to bypass certain security mechanisms.
HoloCMS 3.1 is vulnerable; other versions may be affected.
Exploit / POC
Attackers can use a browser to exploit these issues.
The following example URI is available:
http://www.example.com/captcha/CaptchaSecurityImages.php?width=1000&height=9000
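The example URI above requests unusually large `width` and `height` values from CaptchaSecurityImages.php, which gives defenders something concrete to look for in web server logs. The following is an added example, not part of the original advisory or of HoloCMS: a log check that flags such requests. The size limits, the Common/Combined Log Format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed limits (not from the advisory): set to the largest CAPTCHA the site really serves.
MAX_WIDTH = 400
MAX_HEIGHT = 150
SCRIPT = "captchasecurityimages.php"

# Request line of a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_target(target):
    """Return a reason string if the request asks the CAPTCHA script for
    out-of-policy dimensions, otherwise None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/" + SCRIPT):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    for name, limit in (("width", MAX_WIDTH), ("height", MAX_HEIGHT)):
        for raw in query.get(name, []):  # inspect every copy of a repeated parameter
            if not (raw.isascii() and raw.isdigit()):
                return f"{name}={raw!r} is not a plain integer"
            if len(raw) > 9 or int(raw) > limit:
                return f"{name}={raw} exceeds limit {limit}"
    return None

def scan(lines):
    """Yield (line_number, reason) for each suspicious access-log line."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            reason = check_target(m.group(1))
            if reason:
                yield n, reason

# Constructed sample log lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Apr/2010:10:00:01 +0000] "GET /captcha/CaptchaSecurityImages.php?width=120&height=40 HTTP/1.1" 200 2311',
    '192.0.2.77 - - [05/Apr/2010:10:00:05 +0000] "GET /captcha/CaptchaSecurityImages.php?width=1000&height=9000 HTTP/1.1" 200 0',
    '192.0.2.77 - - [05/Apr/2010:10:00:06 +0000] "GET /captcha/CaptchaSecurityImages.php?width=120&height=40&height=9e3 HTTP/1.1" 500 0',
    '192.0.2.10 - - [05/Apr/2010:10:00:09 +0000] "GET /index.php?width=5000 HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for n, reason in scan(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

The same bounds, enforced in front of the script (for example by a web application firewall rule or a reverse-proxy check), reject these requests before any image is generated.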
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- HoloCMS Homepage (HoloCMS)
- Vulnerability in CaptchaSecurityImages (MustLive)
- Vulnerabilities in HoloCMS (MustLive)