FCKeditor.Java Connector Servlet 'CurrentFolder' Infinite Loop DoS

This script is Copyright (C) 2009-2011 Tenable Network Security, Inc.


Synopsis :

A web application running on the remote host has a denial of service
vulnerability.

Description :

The remote web server is hosting a web application that uses
FCKeditor.Java, which is used to run FCKeditor in a Java environment.

Input to the 'CurrentFolder' parameter of the connector servlet is
not properly sanitized. A specially crafted request could put the
web server into an infinite loop, which a remote attacker could use
to cause a denial of service.

See also :

http://dev.fckeditor.net/ticket/3902
http://sourceforge.net/project/shownotes.php?release_id=697258
http://java.fckeditor.net/changes-report.html

Solution :

Upgrade to FCKeditor.Java version 2.4.2 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 39875 (fckeditor_java_currentfolder_dos.nasl)

Bugtraq ID: 35709

CVE ID: CVE-2009-4875