ELOG Web LogBook Global Denial Of Service Network Vulnerability

Summary

The remote web server is affected by a denial of service issue. Description : The remote web server is identified as ELOG Web Logbook, an open source blogging software. The version of ELOG Web Logbook installed on the remote host is vulnerable to a denial of service attack by requesting '/global' or any logbook with 'global' in its name. When a request like this is received, a NULL pointer dereference occurs, leading to a crash of the service.

Solution

Upgrade to ELOG version 2.6.2-7 or later. CVSS Base Score : 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

References

http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0198.html
http://midas.psi.ch/elogs/Forum/2053
http://savannah.psi.ch/websvn/log.php?repname=elog&path=/trunk/&rev=1749&sc=1&isdir=1

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-6318
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Solr Directory Traversal Vulnerability Jan-14
Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
Apache Tomcat Directory Listing and File disclosure
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Apache Continuum Cross Site Scripting Vulnerability

ELOG Web LogBook global Denial of Service

Take action and discover your vulnerabilities