Web Wiz Forum pop_up_ip_blocking.asp IP Blocking

2004-05-03T09:58:40
ID OSVDB:5751
Type osvdb
Reporter Alexander(pk95@yandex.ru)
Modified 2004-05-03T09:58:40

Description

Vulnerability Description

Web Wiz Forums contains a remote denial of service vulnerability. The issue is triggered when an attacker supplies a specially crafted HTTP request to pop_up_ip_blocking.asp. A remote unauthorized user can block any IP address, resulting in a loss of availability for the service.

Solution Description

Upgrade to version 7.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Web Wiz Forums contains a remote denial of service vulnerability. The issue is triggered when an attacker supplies a specially crafted HTTP request to pop_up_ip_blocking.asp. A remote unauthorized user can block any IP address, resulting in a loss of availability for the service.

References:

Vendor URL: http://www.webwizguide.info/web_wiz_forums/default.asp?mode=asp Vendor Specific Solution URL: http://www.webwizguide.info/news/news_item.asp?NewsID=66 Security Tracker: 1010012 Secunia Advisory ID:11525 Related OSVDB ID: 5750 Related OSVDB ID: 5752 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-04/1119.html ISS X-Force ID: 16031 ISS X-Force ID: 16030 CVE-2004-2733 Bugtraq ID: 10255