CVSTrac Text Output Formatter SQL Injection DoS

medium Nessus Plugin ID 24263

Synopsis

The remote web server contains a CGI script or is itself subject to a denial of service attack.

Description

According to its version number, the version of CVSTrac installed on the remote host contains a flaw related to its Wiki-style text output formatter that may allow an attacker to cause a partial denial of service, depending on the pages requested, via limited SQL injection.

Solution

Upgrade to CVSTrac 2.0.1 or later.

See Also

http://www.cvstrac.org/cvstrac/tktview?tn=683

http://www.cvstrac.org/cvstrac/chngview?cn=850

https://www.securityfocus.com/archive/1/458455/30/0/threaded

Plugin Details

Severity: Medium

ID: 24263

File Name: cvstrac_output_formatter_dos.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 1/30/2007

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/29/2007

Reference Information

CVE: CVE-2007-0347

BID: 22296