PT-2008-5380 · Sql Ledger+2 · Sql-Ledger+2
Chris Travers
·
Published
2008-09-15
·
Updated
2024-02-09
·
CVE-2008-4077
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
LedgerSMB versions prior to 1.2.15
SQL-Ledger versions 2.8.17 and earlier
Description
The issue allows remote attackers to cause a denial of service, specifically resource exhaustion, via an HTTP POST request with a large Content-Length. This can be achieved by sending a request to the CGI scripts.
Recommendations
For LedgerSMB versions prior to 1.2.15, update to version 1.2.15 or later to resolve the issue.
For SQL-Ledger versions 2.8.17 and earlier, consider disabling the CGI scripts as a temporary workaround until a patch is available. Restrict access to the CGI scripts to minimize the risk of exploitation.
Fix
DoS
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Ledgersmb
Sql-Ledger