PT-2007-1998 · Telligent · Telligent Community Server

Published: 2007-01-29 · Updated: 2018-10-16 · CVE-2007-0538

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Telligent Community Server versions 2.1 and earlier

Description

Remote attackers can cause a denial of service, by consuming bandwidth or threads, via pingback service calls. The attacker makes pingback service calls with a source URI that corresponds to either a large file, which triggers a long download session without a timeout constraint, or a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.

Recommendations

For versions 2.1 and earlier, consider disabling the pingback service as a temporary workaround until a patch is available. Restrict access to the pingback service to minimize the risk of exploitation. Avoid using the pingback service for files with binary content types or large files until the issue is resolved.
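
Both conditions in the description come down to a source download with no limits, so a pingback receiver should bound it by content type, size and time. The sketch below is an added example, not Telligent's code or its fix; the limit values, the `read_source` name and its `headers`/`chunks` interface are assumptions chosen for illustration.

```python
import time

# Assumed limits for illustration; tune to the deployment.
MAX_BYTES = 256 * 1024      # cap on the size of a pingback source page
MAX_SECONDS = 10.0          # total time budget for one source download
TEXT_TYPES = ("text/html", "application/xhtml+xml", "text/plain")

class PingbackRejected(Exception):
    """The source URI was refused before or during download."""

def read_source(headers, chunks, target_uri, clock=time.monotonic):
    """Read a pingback source body under type, size and time limits.

    headers: response headers as a dict with lower-case keys
    chunks:  iterator of bytes from the response body (hypothetical interface)
    """
    # Refuse binary content before any body bytes are read.
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype not in TEXT_TYPES:
        raise PingbackRejected("content type %r cannot hold a link" % ctype)
    # Content-Length is only a hint: reject early if it is already too big.
    declared = headers.get("content-length", "")
    if declared.isdigit() and int(declared) > MAX_BYTES:
        raise PingbackRejected("declared length exceeds cap")
    # Enforce the cap and the deadline on what actually arrives. A stalled
    # connection also needs a socket-level read timeout in the HTTP client.
    deadline = clock() + MAX_SECONDS
    body = bytearray()
    for chunk in chunks:
        if clock() > deadline:
            raise PingbackRejected("download exceeded time budget")
        body += chunk
        if len(body) > MAX_BYTES:
            raise PingbackRejected("body exceeds cap")
    # A usable pingback source must mention the target it claims to link to.
    if target_uri.encode() not in body:
        raise PingbackRejected("source does not link to target")
    return bytes(body)

if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    target = "http://blog.example/post"
    page = [b"<a href='http://blog.example/post'>", b"ref</a>"]
    print(len(read_source({"content-type": "text/html"}, iter(page), target)))
    try:
        read_source({"content-type": "application/zip"}, iter([b"PK"]), target)
    except PingbackRejected as err:
        print("rejected:", err)
```
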

Fix

Related Identifiers

CVE-2007-0538

Affected Products

Telligent Community Server