[Full-disclosure] [WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
Bubba Gump
bubbagump123 at gmail.com
Fri Jul 20 23:58:20 BST 2007
Aditya,
Thanks, these are some really good findings. Is there a patch available yet
for these security issues?
Thanks,
Bubba
On 7/21/07, Aditya K Sood <zeroknock at secniche.org> wrote:
>
>
> Advisory : JWIG Context-Dependent Template Calling Dos
>
> CVE- 2007-3816
>
> Dated : 12 July 2007
>
> Vulnerable Software : BRICS, JWIG
>
> Severity : Intermediate
>
> Explanation:
> JWIG might allow context-dependent attackers to cause a denial of
> service (service degradation) via loops of
> references to external templates. For more details :
>
> http://www.secniche.org/papers/HackAnnotationsInJWIG.pdf
>
> Links:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3816
> http://nvd.nist.gov/cpe.cfm?cvename=CVE-2007-3816
>
>
> Regards
> Aditya K Sood
> SecNiche Security
>
>
>
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070720/732ae641/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.