Lucene search

[email protected]CVE-2008-4077

HistorySep 15, 2008 - 3:14 p.m.

CVE-2008-4077

2008-09-1515:14:00

CWE-400

[email protected]

web.nvd.nist.gov

cve-2008-4077

cgi scripts

ledgersmb

sql-ledger

denial of service

nvd

6.9 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.015 Low

EPSS

Percentile

87.0%

JSON

The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.

CPENameOperatorVersion
sql-ledger:sql-ledgersql-ledgerle2.8.17
ledgersmb:ledgersmbledgersmblt1.2.15

CPE	Name	Operator	Version
sql-ledger:sql-ledger	sql-ledger	le	2.8.17
ledgersmb:ledgersmb	ledgersmb	lt	1.2.15

References

secunia.com/advisories/31843

securityreason.com/securityalert/4250

www.ledgersmb.org/node/70

www.securityfocus.com/archive/1/496181/100/0/threaded

www.securityfocus.com/bid/31109

exchange.xforce.ibmcloud.com/vulnerabilities/45033

6.9 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.015 Low

EPSS

Percentile

87.0%

JSON

Related for CVE-2008-4077

ubuntucve1 prion1 debiancve1 cvelist1