- Description
- WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:C
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:progress:progress:9.1e:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BAC44608-A273-4EA8-9A60-CA10903AE0A1"
},
{
"criteria": "cpe:2.3:a:progress:webspeed:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4CA5B493-3BB1-4847-8055-15B93171EC9B"
},
{
"criteria": "cpe:2.3:a:progress:webspeed:3.1a:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FFE71387-6ED3-4560-89AC-2E95BCE4A0E5"
},
{
"criteria": "cpe:2.3:a:progress:webspeed:3.1d:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3762BC5-B7B1-467F-BD7B-A167CF8EFEEA"
},
{
"criteria": "cpe:2.3:a:progress:webspeed:3.1e:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "903C177E-A627-4A28-8AF4-C10B668B9D15"
}
],
"operator": "OR"
}
]
}
]