VULHUB ™

The web-based Configuration Wizard used to finalize settings during an install of Allaire Spectra is left on the machine after installation is complete, and can be used in a denial of service attack on the Spectra server. One of the functions performed by this wizard is indexing all data collections on the server. This process is CPU-intensive, and can be accessed remotely via a URL. An attacker could repeatedly start the indexing process, causing a degradation or denial of service.

The web-based Configuration Wizard used to finalize settings during an install of Allaire Spectra is left on the machine after installation is complete, and can be used in a denial of service attack on the Spectra server. One of the functions performed by this wizard is indexing all data collections on the server. This process is CPU-intensive, and can be accessed remotely via a URL. An attacker could repeatedly start the indexing process, causing a degradation or denial of service.