
Re: [WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos




Aditya,
Thanks, these are some really good findings.  Is there a patch available yet
for these security issues?

Thanks,
Bubba

On 7/21/07, Aditya K Sood <zeroknock@secniche.org> wrote:
>
>
> Advisory : JWIG Context-Dependent Template Calling DoS
>
> CVE-2007-3816
>
> Dated : 12 July 2007
>
> Vulnerable Software : BRICS, JWIG
>
> Severity : Intermediate
>
> Explanation:
> JWIG might allow context-dependent attackers to cause a denial of
> service (service degradation) via loops of
> references to external templates. For more details :
>
> http://www.secniche.org/papers/HackAnnotationsInJWIG.pdf
>
> Links:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3816
> http://nvd.nist.gov/cpe.cfm?cvename=CVE-2007-3816
>
>
> Regards
> Aditya K Sood
> SecNiche Security
