CVE-2006-2310

BlueDragon Server and Server JX - Denial of Service via MS-DOS Device Name Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2310. PoCs published by Tan Chew Keong.

AI-analyzed exploit summary The provided text describes a remote denial-of-service vulnerability in BlueDragon 6.2.1.286 due to inefficient handling of malformed GET requests. It lists specific URLs that can trigger the DoS condition.

Description

BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1, and (4) com2.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Tan Chew Keong · textdoscfm
https://www.exploit-db.com/exploits/28100

The provided text describes a remote denial-of-service vulnerability in BlueDragon 6.2.1.286 due to inefficient handling of malformed GET requests. It lists specific URLs that can trigger the DoS condition.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Theoretical
Target: BlueDragon 6.2.1.286
No auth needed
Prerequisites: Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19180
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18624
Exploit, Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2006-18/advisory
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2502

Scores

EPSS 0.0668
EPSS Percentile 93.0%

Details

Status published
Products (2)
new_atlanta_communications/bluedragon_server 6.2.1.286
new_atlanta_communications/bluedragon_server_jx 6.2.1.286
Published Jun 26, 2006
Tracked Since Feb 18, 2026