CyberSec.Space Logo
Back to CVE Browser

CVE-2008-4077

HIGH
7.8
CVSS Severity Score
EPSS Score0.1120%
EPSS Percentile15.68th
PublishedSep 15, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.

Affected Platforms (CPE)

πŸ“¦
Ledgersmb

Ledgersmb

< 1.2.15
πŸ“¦
Sql Ledger

Sql Ledger

<= 2.8.17

References & Advisories

πŸ”— http://secunia.com/advisories/31843
πŸ”— http://securityreason.com/securityalert/4250
πŸ”— http://www.ledgersmb.org/node/70
πŸ”— http://www.securityfocus.com/archive/1/496181/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/31109
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/45033
πŸ”— http://secunia.com/advisories/31843
πŸ”— http://securityreason.com/securityalert/4250

Related Vulnerabilities

CVE-2007-537210.0

Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attack...

CVE-2007-390710.0

Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perfor...

CVE-2007-132910.0

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitra...

CVE-2018-92469.8

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escape...