Release date:
Affected Versions:
FCKeditor. Java 2.4
Vulnerability description:
Bugraq ID: 35709
Cncan id: CNCAN-2009071702
FCKeditor. Java is an integration package between the FCKeditor editor and Java. With FCKeditor. Java, You can process files in the FCKeditor editor in Java programs, upload files, browse files, and other functions that require server support.
FCKeditor. Java does not properly process request parameters. Remote attackers can exploit this vulnerability to crash applications.
If you submit the ctrl character as the request parameter, tomcat will always respond to the request, resulting in a denial of service attack. <* Reference
Http://dev.fckeditor.net/ticket/3902
*>
SEBUG Security suggestions:
Upgrade to the latest program:
FCKeditor. Java 2.4
FCKeditor fckeditor-java-2.4.2-bin.tar.gz
Http://sourceforge.net/projects/fckeditor/files/FCKeditor.Java/fckedit or-java-2.4.2-bin.tar.gz/download
// Sebug.net []