CVE-2004-2519

Name of the Vulnerable Software and Affected Versions Gattaca Server 2003 version 1.1.10.0

Description The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by manipulating directory specifiers in the LANGUAGE parameter. This can be achieved by accessing certain API endpoints, such as "index.tmpl" and "web.tmpl", with specific directory specifiers, including (a) slash "/", (b) backslash "", (c) dot ".", (d) dot dot "..", and (e) internal slash "lang//en".

Recommendations For Gattaca Server 2003 version 1.1.10.0, consider restricting access to the LANGUAGE parameter in the affected API endpoints "index.tmpl" and "web.tmpl" to prevent CPU consumption denial of service attacks. As a temporary workaround, avoid using the specified directory specifiers in the LANGUAGE parameter until a patch is available.