ProjectForum Denial of Service Vulnerability

vendor:

ProjectForum

by:

Peter Winter-Smith

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: ProjectForum

Affected Version From: 8.4.2.1

Affected Version To: 8.4.2.1

Patch Exists: NO

Related CWE:

CPE: a:projectforum:projectforum:8.4.2.1

Metasploit:

Other Scripts:

Platforms Tested:

ProjectForum Denial of Service Vulnerability

The ProjectForum application is prone to a denial of service vulnerability. This vulnerability allows remote attackers to crash the server by sending an excessively long string via the 'find' request.

Mitigation:

Apply the vendor-provided patch or upgrade to a non-vulnerable version.

Source

ProjectForum Denial of Service Vulnerability

Mitigation:

Exploit-DB raw data: