Denial of Service Vulnerability in FlatnuX
Advisory ID: | HTB22835 |
Product: | FlatNux |
Vendor: | Alessandro Vernassa |
Vulnerable Versions: | flatnux-2011-01.26 and probably prior |
Tested Version: | flatnux-2011-01.26 |
Advisory Publication: | February 3, 2011 [without technical details] |
Vendor Notification: | February 3, 2011 |
Public Disclosure: | February 17, 2011 |
Vulnerability Type: | Infinite Loop [CWE-835] |
Risk Level: | Medium |
![]() | |
CVSSv2 Base Score: | 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) |
Solution Status: | Fixed by Vendor |
Discovered and Provided: | High-Tech Bridge Security Research Lab |
Advisory Details: | |
High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in FlatnuX which could be exploited to cause a denial of service. | |
Solution: | |
Upgrade to flatnux-2011-02.03. | |
References: | |
[1] High-Tech Bridge Advisory HTB22835 - https://www.immuniweb.com/advisory/HTB22835 - Denial of Service Vulnerability in FlatnuX [2] FlatnuX - flatnux.altervista.org- Flatnux is a CMS (Content Management System) that makes no use of DBMS, but only text files. [3] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. | |
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.