CVE-2023-40052

{"id": "CVE-2023-40052", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@progress.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-01-18T15:15:09.247", "references": [{"url": "https://community.progress.com/s/article/Important-Progress-OpenEdge-Product-Alert-for-Progress-Application-Server-for-OpenEdge-PASOE-Denial-of-Service-Vulnerability-in-WEB-Transport", "tags": ["Vendor Advisory"], "source": "security@progress.com"}, {"url": "https://www.progress.com/openedge", "tags": ["Product"], "source": "security@progress.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}, {"type": "Secondary", "source": "security@progress.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "\n\n\nThis issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0\n\n.\u00a0\n\nAn attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS attacks could lead to the flooding of invalid requests as compared to the server\u2019s remaining ability to process valid requests.\n\n\n\n\n\n"}, {"lang": "es", "value": "Este problema afecta a Progress Application Server (PAS) para OpenEdge en las versiones 11.7 anteriores a 11.7.18, 12.2 anteriores a 12.2.13 y versiones de innovaci\u00f3n anteriores a 12.8.0. Un atacante que pueda generar una solicitud web con formato incorrecto puede provocar el bloqueo de un agente PASOE, lo que podr\u00eda interrumpir las actividades de subprocesos de muchos clientes de aplicaciones web. Varios de estos ataques DoS podr\u00edan provocar una inundaci\u00f3n de solicitudes no v\u00e1lidas en comparaci\u00f3n con la capacidad restante del servidor para procesar solicitudes v\u00e1lidas."}], "lastModified": "2024-01-26T15:26:09.533", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7298E8E1-4C6A-4AE7-954E-480F86D8B8E1", "versionEndExcluding": "11.7.18", "versionStartIncluding": "11.7"}, {"criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2057ECB7-5DD8-485F-9D43-560A152C883C", "versionEndExcluding": "12.2.13", "versionStartIncluding": "12.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:progress:openedge_innovation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59216BF0-5044-4252-AB97-B63FFAA84F24", "versionEndExcluding": "12.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@progress.com"}