PT-2004-3388 · Opentext · Opentext Firstclass

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-2496

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: OpenText FirstClass versions 7.1 through 8.0
Description: The issue allows remote attackers to cause a denial of service, resulting in service availability loss. This is achieved by sending a large number of POST requests to the "/Search" API endpoint.
Recommendations: For OpenText FirstClass versions 7.1 through 8.0, consider restricting access to the "/Search" API endpoint to minimize the risk of exploitation. As a temporary workaround, limiting the number of POST requests to this endpoint may also help mitigate the issue.


Related Identifiers

CVE-2004-2496

Affected Products

Opentext Firstclass