漏洞信息详情
RETIRED: Anders Mller JWIG Template 远程拒绝服务漏洞
- CNNVD编号:CNNVD-200707-295
- 危害等级: 低危
- CVE编号: CVE-2007-3816
- 漏洞类型: 设计错误
- 发布时间: 2007-07-16
- 威胁类型: 远程
- 更新时间: 2007-07-19
- 厂 商: brics
- 漏洞来源: SecNiche Security ...
漏洞简介
JWIG可能允许见机行事的攻击者可以借助对外部模板的参考的循环指令,造成拒绝服务(服务降级)。
漏洞公告
参考网址
来源: XF
名称: jwig-externaltemplate-dos(35515)
链接:http://xforce.iss.net/xforce/xfdb/35515
来源: SECTRACK
名称: 1018432
链接:http://www.securitytracker.com/id?1018432
来源: BID
名称: 24974
链接:http://www.securityfocus.com/bid/24974
来源: BUGTRAQ
名称: 20070721 Re: [WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
链接:http://www.securityfocus.com/archive/1/archive/1/474474/100/200/threaded
来源: BUGTRAQ
名称: 20070716 WhitePapers By SecNiche Security
链接:http://www.securityfocus.com/archive/1/archive/1/473707/100/0/threaded
来源: MISC
链接:http://www.secniche.org/papers/HackAnnotationsInJWIG.pdf
来源: FULLDISC
名称: 20070722 Re: [CVE 2007-3816] [Advisory] Vulnerability Facts Related JWIG Advisory
链接:http://seclists.org/fulldisclosure/2007/Jul/0451.HTML
来源: FULLDISC
名称: 20070723 [CVE 2007-3816] [Advisory] Vulnerability Facts Related JWIG Advisory
链接:http://seclists.org/fulldisclosure/2007/Jul/0446.HTML
来源: BUGTRAQ
名称: 20070721 [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
链接:http://seclists.org/bugtraq/2007/Jul/0206.HTML
来源: FULLDISC
名称: 20070726 [CVE 2007-3816] [Advisory] Vulnerability Facts Related JWIG Advisory
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064933.HTML
来源: FULLDISC
名称: 20070721 [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064768.HTML
受影响实体
- Brics Jwig
补丁
暂无
评论