Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-40052

This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0 . An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS attacks could lead to the flooding of invalid requests as compared to the server’s remaining ability to process valid requests.

Published

2024-01-18T15:15:09.247

Last Modified

2024-11-21T08:18:36.560

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-119
Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	progress	openedge	< 11.7.18	Yes
Application	progress	openedge	< 12.2.13	Yes
Application	progress	openedge_innovation	< 12.8.0	Yes

References

https://community.progress.com/s/article/Important-Progress-OpenEdge-Product-Alert-for-Progress-Application-Server-for-OpenEdge-PASOE-Denial-of-Service-Vulnerability-in-WEB-Transport Vendor Advisory ([email protected])
https://www.progress.com/openedge Product ([email protected])
https://community.progress.com/s/article/Important-Progress-OpenEdge-Product-Alert-for-Progress-Application-Server-for-OpenEdge-PASOE-Denial-of-Service-Vulnerability-in-WEB-Transport Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.progress.com/openedge Product (af854a3a-2127-422b-91ae-364da2661108)