Vulnerabilities > CVE-2007-2506 - Denial Of Service vulnerability in Progress WebSpeed
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Exploit-Db
| description | Progress WebSpeed 3.0/3.1 Denial Of Service Vulnerability. CVE-2007-2506. Dos exploit for windows platform |
| id | EDB-ID:29943 |
| last seen | 2016-02-03 |
| modified | 2007-05-02 |
| published | 2007-05-02 |
| reporter | Eelko Neven |
| source | https://www.exploit-db.com/download/29943/ |
| title | Progress WebSpeed 3.0/3.1 - Denial of Service Vulnerability |
References
- http://osvdb.org/35541
- http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694
- http://secunia.com/advisories/25129
- http://www.ishare.nl/
- http://www.securityfocus.com/archive/1/467375/100/0/threaded
- http://www.securityfocus.com/archive/1/467376/100/0/threaded
- http://www.securityfocus.com/bid/23778