| VID |
21250 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
According to its version number, the PostNuke installation on the Web server has a denial-of-service vulnerability in its Rating System. PostNuke is an open source web-based content management system that runs on a wide range of platforms, including Windows and Linux. The program is written in PHP and uses a MySQL database backend. The vulnerability arises from improper handling of rating strings of excessive length. By submitting a maliciously crafted string to the rating system, it is possible to cause the software to become unstable and potentially crash. This vulnerability can potentially affect both the web server and the database server behind the PostNuke installation.
* Note: This check relies solely on the version number of the remote PostNuke installation to assess this vulnerability, so it might be a false positive.
* References: http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-ms/2003-06/0001.html
* Platforms Affected: PostNuke Phoenix 0.721, PostNuke Phoenix 0.722, PostNuke Phoenix 0.723, UNIX/Linux (any version), Windows (any version) |
| Recommendation |
Upgrade to the latest version of PostNuke (0.726 or later), available from the PostNuke Development Team's Official Web site, http://www.postnuke.com/ |
| Related URL |
(CVE) |
| Related URL |
7702 (SecurityFocus) |
| Related URL |
(ISS) |
|