[Japanese]

JVNDB-2005-000778

QRcode Perl CGI & PHP script vulnerable to denial of service attack

Overview

QRcode Perl CGI & PHP script, a QR code image generation tool, contains a vulnerability that may cause excessive consumption of server resources. Upon a specific request, resources of a server could be excessively comsumed until the server becomes unable to respond to requests from clients, which could also affect other processes running on the server.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial
Affected Products


Y.Swetake (swetake.com)
  • QRcode Perl/CGI & PHP scripts ver. 0.50f and earlier (including both Perl versions and PHP versions)

Impact

A remote attacker may cause a denial of service (DoS) attack.
Solution

Vendor Information

Y.Swetake (swetake.com)
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#29273468
Revision History

  • [2008/05/21]
      Web page published