DoS in Webwasher Print
Written by Rebecca Mints   
Sunday, 13 April 2008 18:00

A vulnerability has been discovered in Webwasher CSM Suite 5.x, Webwasher 6.x, Webwasher PG, and Webwasher EE. Successful exploitation would cause a DoS (Denial of Service). The issue lies in an error that presents itself in the processing of URLs while running on a newer Linux system. The end result is that the service freezes via a carefully crafted URL. This vulnerability has been rated as "less critical."


According to Secunia "The vulnerability is reported in the following products: * Webwasher appliances 6.x (CGLinux 4 or 5) prior to build number 3150 * Webwasher software versions prior to versions 6.6.3 build 3150 or 5.3.0 build 3159 running on: - RedHat Enterprise Linux 4 - Debian Linux 4 - SLES 10 SOLUTION: Update to versions 6.6.3 build 3150 or 5.3.0 build 3159. PROVIDED AND/OR DISCOVERED BY: The vendor credits National Australia Bank Security Assurance."



REFERENCES:
SecuObs.com
Webwasher URL Processing Denial of Service Vulnerability