CVE-2007-2506

Progress Software Progress <9.1e - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2506. PoCs published by Eelko Neven.

AI-analyzed exploit summary This exploit targets a denial-of-service vulnerability in WebSpeed by flooding the target with HTTP GET requests. It repeatedly connects to the specified site and page, sending requests without proper sanitization, leading to potential unresponsiveness.

Description

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Eelko Neven · perldoswindows

https://www.exploit-db.com/exploits/29943

View Code ZIP pw:eip

This exploit targets a denial-of-service vulnerability in WebSpeed by flooding the target with HTTP GET requests. It repeatedly connects to the specified site and page, sending requests without proper sanitization, leading to potential unresponsiveness.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: WebSpeed (version not specified)

No auth needed

Prerequisites: Target IP/hostname and a valid page path

MITRE ATT&CK