CVE-2011-1952 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2011-1952

CWE

https://cwe.mitre.org/data/definitions/399.html

common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a< sequence.

Affected Software

Name	Vendor	Start Version	End Version
Post_revolution	Postrev	0.6.2	0.6.2
Post_revolution	Postrev	0.6.3	0.6.3
Post_revolution	Postrev	0.6.4	0.6.4
Post_revolution	Postrev	0.6.5	0.6.5
Post_revolution	Postrev	0.6.6	0.6.6
Post_revolution	Postrev	0.7.0	0.7.0
Post_revolution	Postrev	0.7.0	0.7.0
Post_revolution	Postrev	0.7.0	0.7.0
Post_revolution	Postrev	0.7.0	0.7.0
Post_revolution	Postrev	0.8.0	0.8.0
Post_revolution	Postrev	0.8.0b	0.8.0b
Post_revolution	Postrev	*	0.8.0c

References

http://javierb.com.ar/2011/06/01/postrev-vunls/
http://postrev.com.ar/verpost.php?id_noticia=59
http://securityreason.com/securityalert/8270
http://www.securityfocus.com/archive/1/518205/100/0/threaded
http://www.securityfocus.com/bid/47967