First published: Fri May 04 2007(Updated: )
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Progress Progress | =9.1e | |
Progress Webspeed | =3.0 | |
Progress Webspeed | =3.1d | |
Progress Webspeed | =3.1a | |
Progress Webspeed | =3.1e |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.