[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] [WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
- To: "Aditya K Sood" <zeroknock@xxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] [WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
- From: "Bubba Gump" <bubbagump123@xxxxxxxxx>
- Date: Fri, 20 Jul 2007 18:58:20 -0400
Aditya,
Thanks, these are some really good findings. Is there a patch available yet
for these security issues?
Thanks,
Bubba
On 7/21/07, Aditya K Sood <zeroknock@xxxxxxxxxxxx> wrote:
Advisory : JWIG Context-Dependent Template Calling Dos
CVE- 2007-3816
Dated : 12 July 2007
Vulnerable Software : BRICS, JWIG
Severity : Intermediate
Explanation:
JWIG might allow context-dependent attackers to cause a denial of
service (service degradation) via loops of
references to external templates. For more details :
http://www.secniche.org/papers/HackAnnotationsInJWIG.pdf
Links:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3816
http://nvd.nist.gov/cpe.cfm?cvename=CVE-2007-3816
Regards
Aditya K Sood
SecNiche Security
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/