CVE-2007-2506 - Vulnerability Details - OpenCVE

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Progress	Progress Webspeed

Configuration 1 [-]

OR	cpe:2.3:a:progress:progress:9.1e:::::::*
	cpe:2.3:a:progress:webspeed:3.0:::::::*
	cpe:2.3:a:progress:webspeed:3.1a:::::::*
	cpe:2.3:a:progress:webspeed:3.1d:::::::*
	cpe:2.3:a:progress:webspeed:3.1e:::::::*

No data.

References

Link	Providers
http://osvdb.org/35541
http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694
http://secunia.com/advisories/25129
http://www.ishare.nl/
http://www.securityfocus.com/archive/1/467375/100/0/threaded
http://www.securityfocus.com/archive/1/467376/100/0/threaded
http://www.securityfocus.com/bid/23778

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-04T01:00:00

Updated: 2024-08-07T13:42:33.402Z

Reserved: 2007-05-03T00:00:00

Link: CVE-2007-2506

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-05-04T01:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-2506

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-28T00:00:00", "descriptions": [{"lang": "en", "value": "WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694"}, {"name": "23778", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23778"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ishare.nl/"}, {"name": "20070502 response Progress: Denial of Service attack against WebSpeed possible", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/467376/100/0/threaded"}, {"name": "35541", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35541"}, {"name": "20070501 Disable website access for sites running Webspeed", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/467375/100/0/threaded"}, {"name": "25129", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25129"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2506", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694", "refsource": "CONFIRM", "url": "http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694"}, {"name": "23778", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23778"}, {"name": "http://www.ishare.nl/", "refsource": "MISC", "url": "http://www.ishare.nl/"}, {"name": "20070502 response Progress: Denial of Service attack against WebSpeed possible", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/467376/100/0/threaded"}, {"name": "35541", "refsource": "OSVDB", "url": "http://osvdb.org/35541"}, {"name": "20070501 Disable website access for sites running Webspeed", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/467375/100/0/threaded"}, {"name": "25129", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25129"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:42:33.402Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694"}, {"name": "23778", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23778"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ishare.nl/"}, {"name": "20070502 response Progress: Denial of Service attack against WebSpeed possible", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/467376/100/0/threaded"}, {"name": "35541", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35541"}, {"name": "20070501 Disable website access for sites running Webspeed", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/467375/100/0/threaded"}, {"name": "25129", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25129"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2506", "datePublished": "2007-05-04T01:00:00", "dateReserved": "2007-05-03T00:00:00", "dateUpdated": "2024-08-07T13:42:33.402Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:progress:progress:9.1e:*:*:*:*:*:*:*", "matchCriteriaId": "BAC44608-A273-4EA8-9A60-CA10903AE0A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:webspeed:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4CA5B493-3BB1-4847-8055-15B93171EC9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:webspeed:3.1a:*:*:*:*:*:*:*", "matchCriteriaId": "FFE71387-6ED3-4560-89AC-2E95BCE4A0E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:webspeed:3.1d:*:*:*:*:*:*:*", "matchCriteriaId": "D3762BC5-B7B1-467F-BD7B-A167CF8EFEEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:webspeed:3.1e:*:*:*:*:*:*:*", "matchCriteriaId": "903C177E-A627-4A28-8AF4-C10B668B9D15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO."}, {"lang": "es", "value": "WebSpeed 3.x de OpenEdge 10.x en Progress Software Progress 9.1e, y otras versiones concretas 9.x, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito y congelaci\u00f3n de demonio) mediante una URL de mensajero que invoca _edit.r sin par\u00e1metros adicionales, como demuestra realizando peticiones de cgiip.exe \u00f3 wsisa.dll con WService=wsbroker1/_edit.r en PATH_INFO."}], "id": "CVE-2007-2506", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-05-04T01:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/35541"}, {"source": "cve@mitre.org", "url": "http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25129"}, {"source": "cve@mitre.org", "url": "http://www.ishare.nl/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/467375/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/467376/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/23778"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35541"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25129"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ishare.nl/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/467375/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/467376/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/23778"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}