ELOG Web LogBook global Denial of Service

medium Nessus Plugin ID 23652

Synopsis

The remote web server is affected by a denial of service issue.

Description

The remote web server is identified as ELOG Web Logbook, an open source blogging application.

The version of ELOG Web Logbook installed on the remote host is vulnerable to a denial of service attack. A request for '/global', or for any logbook with 'global' in its name, triggers a NULL pointer dereference that crashes the service.

Solution

Upgrade to ELOG version 2.6.2-7 or later.

See Also

https://seclists.org/fulldisclosure/2006/Nov/196

http://www.nessus.org/u?67c4b2ac

https://midas.psi.ch/elogs/Forum/2053

Plugin Details

Severity: Medium

ID: 23652

File Name: elog_logbook_global_dos.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 11/20/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 11/9/2006

Reference Information

CVE: CVE-2006-6318

BID: 21028