7.8

CVE-2008-4077

The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LedgersmbLedgersmb Version < 1.2.15
Sql-ledgerSql-ledger Version <= 2.8.17
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.83% 0.848
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

http://secunia.com/advisories/31843
Vendor Advisory
http://securityreason.com/securityalert/4250
Third Party Advisory
http://www.ledgersmb.org/node/70
Release Notes
http://www.securityfocus.com/archive/1/496181/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/31109
Patch
Third Party Advisory
Broken Link
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/45033
Third Party Advisory
VDB Entry