Vulnerability Details : CVE-2007-2506
Potential exploit
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.
Vulnerability category: Denial of service
Products affected by CVE-2007-2506
- cpe:2.3:a:progress:webspeed:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:progress:webspeed:3.1a:*:*:*:*:*:*:*
- cpe:2.3:a:progress:webspeed:3.1d:*:*:*:*:*:*:*
- cpe:2.3:a:progress:webspeed:3.1e:*:*:*:*:*:*:*
- cpe:2.3:a:progress:progress:9.1e:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-2506
1.33%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-2506
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
References for CVE-2007-2506
-
http://www.ishare.nl/
-
http://www.securityfocus.com/archive/1/467375/100/0/threaded
-
http://secunia.com/advisories/25129
Vendor Advisory
-
http://www.securityfocus.com/archive/1/467376/100/0/threaded
-
http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694
-
http://www.securityfocus.com/bid/23778
Exploit;Patch
-
http://osvdb.org/35541
Jump to