Bugtraq mailing list archives
HTB22835: DoS (Denial of Service) Risk in FlatnuX
From: advisory () htbridge ch
Date: Thu, 17 Feb 2011 12:11:52 +0100 (CET)
Vulnerability ID: HTB22835 Reference: http://www.htbridge.ch/advisory/dos_denial_of_service_risk_in_flatnux.html Product: FlatNux Vendor: Alessandro Vernassa ( http://www.flatnux.altervista.org/ ) Vulnerable Version: flatnux-2011-01.26 and probably prior versions Vendor Notification: 03 February 2011 Vulnerability Type: DoS (Denial of Service) Risk Status: Fixed by Vendor Risk level: Low Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) Vulnerability Details: This attack can be aimed to block the website. The following PoC is available: http://host/login.html?mod[]=login&op=modprof&user=dos Also this generated an error that will reveal the full path of the script. Solution: Upgrade to the most recent version
Current thread:
- HTB22835: DoS (Denial of Service) Risk in FlatnuX advisory (Feb 17)