CVE-2023-40052

This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0

An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS attacks could lead to the flooding of invalid requests as compared to the server’s remaining ability to process valid requests.

Published: Jan 18, 2024
Updated: Jan 27, 2024
CVE: CVE-2023-40052
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
progress / openedge	11.7	11.7.18
progress / openedge	12.2	12.2.13
progress / openedge_innovation	-	12.8.0

https://community.progress.com/s/article/Important-Progress-OpenEdge-Product-Alert-for-Progress-Application-Server-for-OpenEdge-PASOE-Denial-of-Service-Vulnerability-in-WEB-Transport
https://www.progress.com/openedge

Vulnerability Database

CVE-2023-40052

Deep Security Visibility Without the Complexity