The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
References
Link | Resource |
---|---|
http://secunia.com/advisories/31843 | Vendor Advisory |
http://securityreason.com/securityalert/4250 | Third Party Advisory |
http://www.ledgersmb.org/node/70 | Release Notes |
http://www.securityfocus.com/archive/1/496181/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry |
http://www.securityfocus.com/bid/31109 | Broken Link, Patch, Third Party Advisory, VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/45033 | Third Party Advisory, VDB Entry |
History
09 Feb 2024, 16:11
Type | Values Removed | Values Added |
---|---|---|
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/496181/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/45033 - Third Party Advisory, VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/31109 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
References | (SREASON) http://securityreason.com/securityalert/4250 - Third Party Advisory | |
References | (CONFIRM) http://www.ledgersmb.org/node/70 - Release Notes | |
CWE | CWE-400 |
Information
Published : 2008-09-15 15:14
Updated : 2024-02-28 11:21
NVD link : CVE-2008-4077
Mitre link : CVE-2008-4077
CVE.ORG link : CVE-2008-4077
Products Affected
ledgersmb
- ledgersmb
sql-ledger
- sql-ledger
CWE
CWE-400
Uncontrolled Resource Consumption