[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos

From: Aditya K Sood <zeroknock@xxxxxxxxxxxx>
Subject: [WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
Date: Sat, 21 Jul 2007 00:12:24 -0700


Advisory :  JWIG   Context-Dependent  Template Calling Dos

CVE- 2007-3816

Dated : 12 July 2007

Vulnerable Software : BRICS, JWIG

Severity : Intermediate

Explanation: JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates. For more details :

http://www.secniche.org/papers/HackAnnotationsInJWIG.pdf

Links:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3816
http://nvd.nist.gov/cpe.cfm?cvename=CVE-2007-3816


Regards
Aditya K Sood
SecNiche Security

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
  - From: Bubba Gump

Prev by Date: [WEB SECURITY] HDIV: Struts 2 Security Plugin
Next by Date: Re: [WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
Previous by thread: [WEB SECURITY] HDIV: Struts 2 Security Plugin
Next by thread: Re: [WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site