CVE-2007-6315

BarracudaDrive Web Server <3.8 - DoS

Title source: llm

Description

Group Chat in BarracudaDrive Web Server before 3.8 allows remote authenticated users to cause a denial of service (crash) via a HTTP request to /eh/chat.ehintf/C. that does not contain a Connection ID, which results in a NULL pointer dereference.

Exploits (1)

exploitdb WORKING POC

remotewindows

https://www.exploit-db.com/exploits/4713

View on exploitdb

References (6)

[Exploit] http://aluigi.altervista.org/adv/barradrive-adv.txt

[Vendor Advisory] http://secunia.com/advisories/28032

[Exploit, Patch] http://www.securityfocus.com/bid/26805

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/38974

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/484833/100/0/threaded

[Third Party Advisory] http://securityreason.com/securityalert/3434

Scores

EPSS 0.0602

EPSS Percentile 90.6%

Classification

CWE

CWE-119

Status draft

Affected Products (2)

real_time_logic/barracudadrive_web_server

real_time_logic/barracudadrive_web_server_home_server

Timeline

Published Dec 12, 2007

Tracked Since Feb 18, 2026