Family: CGI abuses --> Category: denial
ELOG Web LogBook global Denial of Service Vulnerability Scan
Vulnerability Scan Summary : Tries to crash the remote service.
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by a denial of service issue.
Description :
The remote web server is identified as ELOG Web Logbook, open
source blogging software.
The version of ELOG Web Logbook installed on the remote host is
vulnerable to a denial of service attack triggered by a request for
'/global' or for any logbook with 'global' in its name. When such a
request is received, a NULL pointer dereference occurs and the
service crashes.
See also :
http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0198.html
http://www.nessus.org/u?67c4b2ac
http://midas.psi.ch/elogs/Forum/2053
Solution :
Upgrade to ELOG version 2.6.2-7 or later.
Risk Factor :
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:N/A:P/I:N/B:N)