Title: Chili!Soft License File Deletion DOS Vulnerability
Severity: LOW
Description:
ChiliSoft ASP (CASP) is a cross-platform Active Server Pages implementation for Linux and other platforms including Lotus Domino, Apache, HP-UX, AIX and others.
Chilisoft ASP's web-based license update tool creates its server license file as world-writeable. As a result, any local user may overwrite, delete or modify it.
Because the program will fail to run if the license file is absent or rendered invalid, deletion of this file by a local user has the effect of a denial of service attack on the webserver's ASP support.
Common on web hosting systems where multiple users from different organizations having access to the same systems. A malicious user in any of these organizations may be able to create a DoS for all users sharing the system.
Affected Products:
- Chilisoft ChiliSoft ASP for Linux 3.0.0
- Chilisoft ChiliSoft ASP for Linux 3.5.0
- Chilisoft ChiliSoft ASP for Linux 3.5.2
References:
- Chili!Soft: Chili!Soft Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
