Published:2005/07/28  Last Updated:2008/05/21

JVN#29273468
QRcode Perl CGI & PHP script vulnerable to denial of service attack

Overview

QRcode Perl CGI & PHP script, a QR code image generation tool, contains a vulnerability that may cause excessive consumption of server resources. Upon a specific request, resources of a server could be excessively comsumed until the server becomes unable to respond to requests from clients, which could also affect other processes running on the server.

Products Affected

  • QRcode Perl/CGI & PHP script ver. 0.50f and earlier (including both Perl versions and PHP versions)

Description

Impact

A remote attacker may cause a denial of service (DoS) attack.

Solution

Vendor Status

Vendor Status Last Update Vendor Notes
swetake.com Vulnerable 2005/07/28

References

JPCERT/CC Addendum

Credit

Tomohito Yoshino of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports JPCERT-WR-2005-3001 JPCERT/CC REPORT 2005-08-03
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2005-000778

Update History