[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, websecurity@xxxxxxxxxxxxx
Subject: [Full-disclosure] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
From: Aditya K Sood <zeroknock@xxxxxxxxxxxx>
Date: Sat, 21 Jul 2007 00:12:24 -0700

Advisory :  JWIG   Context-Dependent  Template Calling Dos

CVE- 2007-3816

Dated : 12 July 2007

Vulnerable Software : BRICS, JWIG

Severity : Intermediate

Explanation:
JWIG might allow context-dependent attackers to cause a denial of 
service (service degradation) via loops of
references to external templates. For more details :

http://www.secniche.org/papers/HackAnnotationsInJWIG.pdf

Links:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3816
http://nvd.nist.gov/cpe.cfm?cvename=CVE-2007-3816


Regards
Aditya K Sood
SecNiche Security


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] [WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
  - From: Bubba Gump

Prev by Date: Re: [Full-disclosure] Turkish hackers bring down insurer's site
Next by Date: [Full-disclosure] David Maynor/LMH/Infosecsellout
Previous by thread: [Full-disclosure] hackers are giving up hacking
Next by thread: Re: [Full-disclosure] [WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
Index(es):
- Date
- Thread