CyberSec.Space Logo
Back to CVE Browser

CVE-2007-2506

HIGH
7.8
CVSS Severity Score
EPSS Score0.0340%
EPSS Percentile22.72th
PublishedMay 4, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.

Affected Platforms (CPE)

πŸ“¦
Progress

Progress

= 9.1e
πŸ“¦
Progress

Webspeed

= 3.0
πŸ“¦
Progress

Webspeed

= 3.1a
πŸ“¦
Progress

Webspeed

= 3.1d
πŸ“¦
Progress

Webspeed

= 3.1e

References & Advisories

πŸ”— http://osvdb.org/35541
πŸ”— http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694
πŸ”— http://secunia.com/advisories/25129
πŸ”— http://www.ishare.nl/
πŸ”— http://www.securityfocus.com/archive/1/467375/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/467376/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/23778
πŸ”— http://osvdb.org/35541

Related Vulnerabilities

CVE-2007-226610.0

Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyf...

CVE-2007-241710.0

Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authenticatio...

CVE-2006-636110.0

Heap-based buffer overflow in the uploadprogress_php_rfc1867_file function in uploadprogress.c in Bitflux Upload Progress Meter be...

CVE-2019-184649.8

In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multipl...