Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Known ELOG Vulnerabilities  Not logged in ELOG logo
Message ID: 4     Entry time: Wed Jan 30 11:40:45 2008
Date reported:November 10, 2006 
Date fixed:November 28, 2006 
Problem: ELOG can be crashed with a specially crafted URL 
Versions: prior to 2.6.3 
Risk: Medium 
Solution: Upgrade to version 2.6.3 

A vulnerability has been identified in ELOG, which could be exploited by attackers to cause a denial of service. This flaw is due to a NULL pointer dereference error when handling a specially crafted URL with a logbook set to "global", which could be exploited by malicious users to crash a vulnerable application, creating a denial of service condition.

ELOG V3.1.5-fe60aaf