ELOG Web LogBook Global Denial Of Service Network Vulnerability

Summary

The remote web server is affected by a denial of service issue. Description : The remote web server is identified as ELOG Web Logbook, an open source blogging software. The version of ELOG Web Logbook installed on the remote host is vulnerable to a denial of service attack by requesting '/global' or any logbook with 'global' in its name. When a request like this is received, a NULL pointer dereference occurs, leading to a crash of the service.

Solution

Upgrade to ELOG version 2.6.2-7 or later. CVSS Base Score : 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

References

http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0198.html
http://midas.psi.ch/elogs/Forum/2053
http://savannah.psi.ch/websvn/log.php?repname=elog&path=/trunk/&rev=1749&sc=1&isdir=1

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-6318

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
Apache Tomcat Directory Listing and File disclosure
Apache Tomcat DOS Device Name XSS

ELOG Web LogBook global Denial of Service

Take action and discover your vulnerabilities