PT-2007-3830 · Progress · Progress+1

Published: 2007-05-04 · Updated: 2018-10-16 · CVE-2007-2506

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Progress OpenEdge versions 10.x
Progress Software Progress versions 9.1e and certain other 9.x versions

Description

The issue allows remote attackers to cause a denial of service, resulting in an infinite loop and daemon hang. This can be achieved by invoking edit.r with no additional parameters via a messenger URL. For example, requests for cgiip.exe or wsisa.dll with WService=wsbroker1/edit.r in the PATH_INFO can demonstrate this.

Recommendations

For Progress OpenEdge versions 10.x, update to a version that includes a fix for this issue. For Progress Software Progress versions 9.1e and certain other 9.x versions, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the edit.r URL to minimize the risk of exploitation.
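
A log check to support the workaround above, as an added example that is not part of the original advisory: it flags access-log requests that reach edit.r through the cgiip.exe or wsisa.dll messenger and marks which carry no parameters. The Common Log Format layout, the /scripts/ prefix and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Messenger binaries named in the advisory (compared case-insensitively).
MESSENGERS = ("cgiip.exe", "wsisa.dll")

# Request field of a Common Log Format line (log layout is an assumption).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines; the /scripts/ prefix and addresses are assumptions.
SAMPLE_LOG = """\
192.0.2.10 - - [04/May/2007:10:00:01 +0000] "GET /scripts/cgiip.exe/WService=wsbroker1/edit.r HTTP/1.0" 200 0
192.0.2.11 - - [04/May/2007:10:00:05 +0000] "GET /scripts/wsisa.dll/WService=wsbroker1/Edit.R HTTP/1.1" 200 0
192.0.2.12 - - [04/May/2007:10:00:09 +0000] "GET /scripts/cgiip.exe/WService=wsbroker1/%65dit.r?x=1 HTTP/1.1" 200 512
192.0.2.13 - - [04/May/2007:10:00:12 +0000] "GET /scripts/cgiip.exe/WService=wsbroker1/orders.r HTTP/1.1" 200 2048
"""


def is_edit_r_request(target: str) -> bool:
    """True if the PATH_INFO after a messenger binary ends in edit.r."""
    # Decode percent-escapes once and fold case so %65dit.r and Edit.R match.
    path = unquote(urlsplit(target).path).lower()
    segments = [s for s in path.split("/") if s]
    for i, seg in enumerate(segments):
        if seg in MESSENGERS:
            path_info = segments[i + 1:]
            return bool(path_info) and path_info[-1] == "edit.r"
    return False


def scan(log_text: str):
    """Return (line_number, target, no_parameters) for each edit.r request."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if match and is_edit_r_request(match["target"]):
            target = match["target"]
            # The advisory's hang case is the request with no parameters.
            hits.append((number, target, urlsplit(target).query == ""))
    return hits


if __name__ == "__main__":
    for number, target, bare in scan(SAMPLE_LOG):
        label = "no parameters" if bare else "has parameters"
        print(f"line {number}: {target} ({label})")
```

The same path test can serve as the matching rule when restricting access to the edit.r URL at a reverse proxy or web-server filter.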


Related Identifiers

CVE-2007-2506

Affected Products

Progress
Progress OpenEdge