common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a< sequence.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Post_revolution | Postrev | * | 0.8.0c (including) |
| Post_revolution | Postrev | 0.6.2-beta (including) | 0.6.2-beta (including) |
| Post_revolution | Postrev | 0.6.3-beta (including) | 0.6.3-beta (including) |
| Post_revolution | Postrev | 0.6.4 (including) | 0.6.4 (including) |
| Post_revolution | Postrev | 0.6.5 (including) | 0.6.5 (including) |
| Post_revolution | Postrev | 0.6.6 (including) | 0.6.6 (including) |
| Post_revolution | Postrev | 0.7.0-rc1 (including) | 0.7.0-rc1 (including) |
| Post_revolution | Postrev | 0.7.0-rc2 (including) | 0.7.0-rc2 (including) |
| Post_revolution | Postrev | 0.7.0-rc3 (including) | 0.7.0-rc3 (including) |
| Post_revolution | Postrev | 0.7.0-rc4 (including) | 0.7.0-rc4 (including) |
| Post_revolution | Postrev | 0.8.0-alpha (including) | 0.8.0-alpha (including) |
| Post_revolution | Postrev | 0.8.0b (including) | 0.8.0b (including) |
References
- http://javierb.com.ar/2011/06/01/postrev-vunls/
- http://postrev.com.ar/verpost.php?id_noticia=59
- http://securityreason.com/securityalert/8270
- http://www.securityfocus.com/archive/1/518205/100/0/threaded
- http://www.securityfocus.com/bid/47967
- http://javierb.com.ar/2011/06/01/postrev-vunls/
- http://postrev.com.ar/verpost.php?id_noticia=59
- http://securityreason.com/securityalert/8270
- http://www.securityfocus.com/archive/1/518205/100/0/threaded
- http://www.securityfocus.com/bid/47967