Denial of Service Vulnerability in OpenEdge WebSpeed by Progress Software
CVE-2007-2506

Currently unrated

Key Information:

Vendor: Progress
Status: Progress; Webspeed
Vendor: CVE Published:; 4 May 2007

Summary

In OpenEdge WebSpeed versions 3.x and 10.x, a vulnerability exists that allows remote attackers to trigger a denial of service. This is achieved by sending a specially crafted messenger URL that invokes '_edit.r' with missing parameters, leading to an infinite loop that can hang the daemon. Exploits of this flaw can potentially result in significant service disruptions. It is crucial for users to apply recommended mitigations to secure their systems against such threats.

References

http://progress.atgnow.com/esprogress/resultDisplay.do?go...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/23778

vdb-entryx_refsource_BID

http://www.ishare.nl/

x_refsource_MISC

Timeline

Vulnerability published
May 4, 2007
Vulnerability Reserved
May 3, 2007