CVE-2007-3956

Name of the Vulnerable Software and Affected Versions: TeamSpeak WebServer version 2.0 for Windows

Description: The issue allows remote attackers to cause a denial of service, consuming CPU and memory, by sending requests with long username and password parameters to the "login.tscmd" endpoint on TCP port 14534. This is due to the lack of validation of parameter value lengths and the failure to expire TCP sessions.

Recommendations: For TeamSpeak WebServer version 2.0 for Windows, consider restricting access to the "login.tscmd" endpoint on TCP port 14534 to minimize the risk of exploitation. As a temporary workaround, restrict the length of username and password parameters to prevent excessive CPU and memory consumption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.