Aditya,<br>Thanks, these are some really good findings.&nbsp; Is there a patch available yet for these security issues?<br><br>Thanks,<br>Bubba<br><br><div><span class="gmail_quote">On 7/21/07, <b class="gmail_sendername">Aditya K Sood
</b> &lt;<a href="mailto:zeroknock@secniche.org">zeroknock@secniche.org</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>Advisory : JWIG Context-Dependent Template Calling DoS<br><br>CVE-2007-3816<br><br>Dated : 12 July 2007<br><br>Vulnerable Software : BRICS, JWIG<br><br>Severity : Intermediate<br><br>Explanation:<br>JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates. For more details :<br><br><a href="http://www.secniche.org/papers/HackAnnotationsInJWIG.pdf">http://www.secniche.org/papers/HackAnnotationsInJWIG.pdf
</a><br><br>Links:<br><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3816">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3816</a><br><a href="http://nvd.nist.gov/cpe.cfm?cvename=CVE-2007-3816">http://nvd.nist.gov/cpe.cfm?cvename=CVE-2007-3816
</a><br><br><br>Regards<br>Aditya K Sood<br>SecNiche Security<br><br></blockquote></div><br>