Vulnerability Details CVE-2004-2415
Davenport before 0.9.10 allows attackers to cause a denial of service (resource consumption) via (1) a very large XML file or (2) entity expansion attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/12337
- http://securitytracker.com/id?1011030
- http://sourceforge.net/mailarchive/forum.php?thread_id=5385243&forum_id=33977
- http://sourceforge.net/project/shownotes.php?release_id=262497
- http://www.osvdb.org/9105
- http://www.securityfocus.com/bid/11001
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17062
- http://secunia.com/advisories/12337
- http://securitytracker.com/id?1011030
- http://sourceforge.net/mailarchive/forum.php?thread_id=5385243&forum_id=33977
- http://sourceforge.net/project/shownotes.php?release_id=262497
- http://www.osvdb.org/9105
- http://www.securityfocus.com/bid/11001
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17062
Products affected by CVE-2004-2415
-
cpe:2.3:a:davenport:davenport:0.8.0
-
cpe:2.3:a:davenport:davenport:0.9.0
-
cpe:2.3:a:davenport:davenport:0.9.5
-
cpe:2.3:a:davenport:davenport:0.9.6
-
cpe:2.3:a:davenport:davenport:0.9.7
-
cpe:2.3:a:davenport:davenport:0.9.8
-
cpe:2.3:a:davenport:davenport:0.9.9