CVE-2023-40052

This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0 .  An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS attacks could lead to the flooding of invalid requests as compared to the server’s remaining ability to process valid requests.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:progress:openedge_innovation:*:*:*:*:*:*:*:*

History

26 Jan 2024, 15:26

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Progress openedge
Progress
Progress openedge Innovation
CPE cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:openedge_innovation:*:*:*:*:*:*:*:*
References () https://www.progress.com/openedge - () https://www.progress.com/openedge - Product
References () https://community.progress.com/s/article/Important-Progress-OpenEdge-Product-Alert-for-Progress-Application-Server-for-OpenEdge-PASOE-Denial-of-Service-Vulnerability-in-WEB-Transport - () https://community.progress.com/s/article/Important-Progress-OpenEdge-Product-Alert-for-Progress-Application-Server-for-OpenEdge-PASOE-Denial-of-Service-Vulnerability-in-WEB-Transport - Vendor Advisory
CWE CWE-119

18 Jan 2024, 15:50

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-18 15:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-40052

Mitre link : CVE-2023-40052

CVE.ORG link : CVE-2023-40052


JSON object : View

Products Affected

progress

  • openedge_innovation
  • openedge
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer