ID CVE-2007-0538
Summary Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.
References
Vulnerable Configurations
  • cpe:2.3:a:telligent_systems:community_server_forums:*:*:*:*:*:*:*:*
    cpe:2.3:a:telligent_systems:community_server_forums:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 16-10-2018 - 16:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bugtraq
  • 20070124 DoS against Telligent Community Server
  • 20070124 Weaknesses in Pingback Design
osvdb
  • 33583
  • 33584
sreason 2211
Last major update 16-10-2018 - 16:33
Published 29-01-2007 - 17:28
Last modified 16-10-2018 - 16:33
Back to Top