HIGH🇬🇧 English

CVE-2008-4077

CVSS 7.8v2.0pub. 2008-09-15upd. 2026-04-23

The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:N/I:N/A:C
  • Ledgersmb

    APP
    Ledgersmb
    < 1.2.15
  • Sql Ledger

    APP
    Sql-Ledger
    ≤ 2.8.17
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2018-9246CRITICAL9.8ten sam produkt

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently...

CVE-2024-23831HIGH7.5ten sam produkt

LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an a...

CVE-2021-3693HIGH8.8ten sam produkt

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially cr...

CVE-2021-3694HIGH8.2ten sam produkt

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted...

CVE-2009-4402HIGH7.5ten sam produkt

The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative o...

CVE-2008-4077 — HIGH 7.8 | CVEbaza.pl