Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2415

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-2415
Last Modified 05 Sep 2008 04:44:04
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2415

Summary

Davenport before 0.9.10 allows attackers to cause a denial of service (resource consumption) via (1) a very large XML file or (2) entity expansion attacks.

Vulnerable Systems

Application

  • Davenport 0.8.0

  • Davenport 0.9.0

  • Davenport 0.9.5

  • Davenport 0.9.6

  • Davenport 0.9.7

  • Davenport 0.9.8

  • Davenport 0.9.9


References

XF - davenport-long-xml-dos(17062)

BID - 11001

OSVDB - 9105

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=262497

SECTRACK - 1011030

SECUNIA - 12337

CONFIRM - http://sourceforge.net/mailarchive/forum.php?thread_id=5385243&forum_id=33977


Last Updated: 27 May 2016 10:39:28