|
[Japanese]
|
JVNDB-2023-000087
|
SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
|
|
Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333, CVE-2023-40599).
This vulnerability is a similar issue as CVE-2023-32610 published on JVN on June 20, 2023, and was newly discovered in several Add-ons listed above.
Tran Quang Vu of FPT Software reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 3.7 (Low) [IPA Score]
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Partial
|
|
|
SYNCK GRAPHICA
- Mailform Pro CGI 4.3.1.3 and earlier
|
According to the developer, the product is affected by the vulnerability when the following functions are enabled.
* call/call.js
* prefcodeadv/search.cgi
* estimate/estimate.js
* search/search.js
* suggest/suggest.js
* coupon/coupon.js
|
|
A remote attacker may be able to cause a denial-of-service (DoS).
|
|
[Update the Software]
Update the software to the latest version according to the information provided by the developer.
|
|
SYNCK GRAPHICA
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2023-40599
|
|
- JVN : JVN#86484824
- JVN : JVN#70502982 SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
- National Vulnerability Database (NVD) : CVE-2023-40599
|
|
- [2023/08/24]
Web page published
- [2024/05/15]
References : Content was added
|
