Vulnerability ID: HTB22835 Reference: http://www.htbridge.ch/advisory/dos_denial_of_service_risk_in_flatnux.html Product: FlatNux Vendor: Alessandro Vernassa ( http://www.flatnux.altervista.org/ ) Vulnerable Version: flatnux-2011-01.26 and probably prior versions Vendor Notification: 03 February 2011 Vulnerability Type: DoS (Denial of Service) Risk Status: Fixed by Vendor Risk level: Low Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) Vulnerability Details: This attack can be aimed to block the website. The following PoC is available: http://host/login.html?mod[]=login&op=modprof&user=dos Also this generated an error that will reveal the full path of the script. Solution: Upgrade to the most recent version
