PT-2008-5380 · Sql Ledger+2 · Sql-Ledger+2
Chris Travers
Published: 2008-09-15 · Updated: 2024-02-09
CVE-2008-4077
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
LedgerSMB versions prior to 1.2.15
SQL-Ledger versions 2.8.17 and earlier
Description
The issue allows remote attackers to cause a denial of service, specifically resource exhaustion, via an HTTP POST request with a large Content-Length. This can be achieved by sending a request to the CGI scripts.
Recommendations
For LedgerSMB versions prior to 1.2.15, update to version 1.2.15 or later to resolve the issue.
For SQL-Ledger versions 2.8.17 and earlier, consider disabling the CGI scripts as a temporary workaround until a patch is available. Restrict access to the CGI scripts to minimize the risk of exploitation.
Fix
DoS
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Ledgersmb
Sql-Ledger