Re: [WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos

[Aditya K Sood <zeroknock@xxxxxxxxxxxx>]

Bubba Gump wrote:
> Aditya,
> Thanks, these are some really good findings.  Is there a patch 
> available yet for these security issues?
>
> Thanks,
> Bubba
>
> On 7/21/07, *Aditya K Sood * <zeroknock@xxxxxxxxxxxx 
> <mailto:zeroknock@xxxxxxxxxxxx>> wrote:
>
>
>     Advisory :  JWIG   Context-Dependent  Template Calling Dos
>
>     CVE- 2007-3816
>
>     Dated : 12 July 2007
>
>     Vulnerable Software : BRICS, JWIG
>
>     Severity : Intermediate
>
>     Explanation:
>     JWIG might allow context-dependent attackers to cause a denial of
>     service (service degradation) via loops of
>     references to external templates. For more details :
>
>     http://www.secniche.org/papers/HackAnnotationsInJWIG.pdf
>     <http://www.secniche.org/papers/HackAnnotationsInJWIG.pdf>
>
>     Links:
>     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3816
>     http://nvd.nist.gov/cpe.cfm?cvename=CVE-2007-3816
>     <http://nvd.nist.gov/cpe.cfm?cvename=CVE-2007-3816>
>
>
>     Regards
>     Aditya K Sood
>     SecNiche Security
>
>
>
>     ----------------------------------------------------------------------------
>     Join us on IRC: irc.freenode.net <http://irc.freenode.net> #webappsec
>
>     Have a question? Search The Web Security Mailing List Archives:
>     http://www.webappsec.org/lists/websecurity/
>
>     Subscribe via RSS:
>     http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
hi bubba

               Thanks. Let see. Being this is a vector related to 
feature exploitation.
Lets see.

Regards
Aditya K Sood
SecNiche Security

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]