CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
Confidence
High
EPSS
Percentile
94.6%
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.
Vendor | Product | Version | CPE |
---|---|---|---|
progress | progress | 9.1e | cpe:2.3:a:progress:progress:9.1e:*:*:*:*:*:*:* |
progress | webspeed | 3.0 | cpe:2.3:a:progress:webspeed:3.0:*:*:*:*:*:*:* |
progress | webspeed | 3.1a | cpe:2.3:a:progress:webspeed:3.1a:*:*:*:*:*:*:* |
progress | webspeed | 3.1d | cpe:2.3:a:progress:webspeed:3.1d:*:*:*:*:*:*:* |
progress | webspeed | 3.1e | cpe:2.3:a:progress:webspeed:3.1e:*:*:*:*:*:*:* |
osvdb.org/35541
progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694
secunia.com/advisories/25129
www.ishare.nl/
www.securityfocus.com/archive/1/467375/100/0/threaded
www.securityfocus.com/archive/1/467376/100/0/threaded
www.securityfocus.com/bid/23778