[CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, websecurity@xxxxxxxxxxxxx
Subject: [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
From: Aditya K Sood <zeroknock@xxxxxxxxxxxx>
Date: Sat, 21 Jul 2007 00:12:24 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Thunderbird 1.5.0.12 (Windows/20070509)


Advisory :  JWIG   Context-Dependent  Template Calling Dos

CVE- 2007-3816

Dated : 12 July 2007

Vulnerable Software : BRICS, JWIG

Severity : Intermediate

Explanation:

JWIG might allow context-dependent attackers to cause a denial ofservice (service degradation) via loops of

references to external templates. For more details :

http://www.secniche.org/papers/HackAnnotationsInJWIG.pdf

Links:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3816
http://nvd.nist.gov/cpe.cfm?cvename=CVE-2007-3816


Regards
Aditya K Sood
SecNiche Security

Prev by Date: [CAID 35515]: CA Products Alert Service RPC Procedure Buffer Overflow Vulnerabilities
Next by Date: Re: Internet Explorer 0day exploit
Previous by thread: [CAID 35515]: CA Products Alert Service RPC Procedure Buffer Overflow Vulnerabilities
Next by thread: Re: [WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
Index(es):
- Date
- Thread