phpWebSite Calendar Module DoS

2003-08-10T07:51:47
ID OSVDB:3844
Type osvdb
Reporter OSVDB
Modified 2003-08-10T07:51:47

Description

Vulnerability Description

phpWebSite contains a flaw that may allow a remote denial of service. The issue is triggered when an oversized value is supplied for the "year" variable of the calendar module, and results in loss of availability for the service.

Solution Description

Upgrade to version 0.8.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/[PATH]/index.php?index.php?module=calendar&calendar[view]= [VIEW FORM]&month=11&year=91+92+93...( more than 4000 bytes )
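
For triage on an unpatched host, the request shape above can be looked for in web server access logs. The following is an added example, not part of the OSVDB record or of phpWebSite: it assumes Common Log Format, treats any calendar request whose "year" is not a 1-4 digit number as suspicious (that threshold is an assumption), and runs over constructed log lines.

```python
import re
from urllib.parse import unquote_plus

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Raw match, so the doubled "index.php?index.php?" prefix in the advisory's
# test URL cannot hide the parameter from a stricter query-string parser.
YEAR_RE = re.compile(r'[?&]year=([^&\s]*)')
VALID_YEAR = re.compile(r'\d{1,4}')  # assumed policy: 1-4 digits only


def suspicious_year(target):
    """Return a reason string if a calendar request has a bad year, else None."""
    if "module=calendar" not in target:
        return None
    m = YEAR_RE.search(target)
    if m is None:
        return None
    value = unquote_plus(m.group(1))  # '+' decodes to a space
    if VALID_YEAR.fullmatch(value):
        return None
    return f"year is {len(value)} characters, not a 1-4 digit number"


def scan(log_lines):
    """Return (client_ip, reason) for each flagged access-log line."""
    hits = []
    for line in log_lines:
        req = REQUEST_RE.search(line)
        reason = suspicious_year(req.group(1)) if req else None
        if reason:
            hits.append((line.split(" ", 1)[0], reason))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
LONG_YEAR = "+".join(str(n) for n in range(91, 1100))  # over 4000 bytes
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Aug/2003:07:51:47 +0000] '
    '"GET /index.php?module=calendar&month=11&year=2003 HTTP/1.0" 200 5120',
    '198.51.100.7 - - [10/Aug/2003:07:52:03 +0000] "GET /index.php?index.php'
    '?module=calendar&month=11&year=' + LONG_YEAR + ' HTTP/1.0" 500 0',
    '192.0.2.11 - - [10/Aug/2003:07:52:10 +0000] '
    '"GET /index.php?module=announce&year=abc HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for ip, reason in scan(SAMPLE_LOG):
        print(ip, reason)
```

Only the second sample line is flagged; the well-formed calendar request and the request to another module pass.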

References:

Vendor URL: http://phpwebsite.appstate.edu/
Secunia Advisory ID: 9517
Related OSVDB ID: 3842
Related OSVDB ID: 3843
Related OSVDB ID: 2410
Other Advisory URL: http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/1659.html
ISS X-Force ID: 12896
Generic Informational URL: http://phpwebsite.appstate.edu/index.php?module=announce&ANN_user_op=view&ANN_id=577
CVE-2003-0738