Vulnerability Description
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ledgersmb | Ledgersmb | < 1.2.15 |
| Sql-Ledger | Sql-Ledger | <= 2.8.17 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/31843Vendor Advisory
- http://securityreason.com/securityalert/4250Third Party Advisory
- http://www.ledgersmb.org/node/70Release Notes
- http://www.securityfocus.com/archive/1/496181/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/31109Broken LinkPatchThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45033Third Party AdvisoryVDB Entry
- http://secunia.com/advisories/31843Vendor Advisory
- http://securityreason.com/securityalert/4250Third Party Advisory
- http://www.ledgersmb.org/node/70Release Notes
- http://www.securityfocus.com/archive/1/496181/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/31109Broken LinkPatchThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45033Third Party AdvisoryVDB Entry
FAQ
What is CVE-2008-4077?
CVE-2008-4077 is a vulnerability with a CVSS score of 7.8 (HIGH). The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a la...
How severe is CVE-2008-4077?
CVE-2008-4077 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4077?
Check the references section above for vendor advisories and patch information. Affected products include: Ledgersmb Ledgersmb, Sql-Ledger Sql-Ledger.