Davenport XML扩展服务拒绝漏洞

漏洞信息详情

Davenport XML扩展服务拒绝漏洞

• CNNVD编号：CNNVD-200412-926
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-2415
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  davenport
• 漏洞来源：
  The individual res…

Davenport 0.9.10之前版本存在漏洞。攻击者可以借助（1）超大XML文件或（2）实体扩展攻击导致服务拒绝（资源耗尽）。

The vendor has released an upgrade dealing with this issue.
Davenport WebDAV Client 0.8

• Davenport Davenport 0.9.10
  
  http://sourceforge.net/project/showfiles.php?group_id=78146

Davenport WebDAV Client 0.9

• Davenport Davenport 0.9.10
  
  http://sourceforge.net/project/showfiles.php?group_id=78146

Davenport WebDAV Client 0.9.5

• Davenport Davenport 0.9.10
  
  http://sourceforge.net/project/showfiles.php?group_id=78146

Davenport WebDAV Client 0.9.6

• Davenport Davenport 0.9.10
  
  http://sourceforge.net/project/showfiles.php?group_id=78146

Davenport WebDAV Client 0.9.7

• Davenport Davenport 0.9.10
  
  http://sourceforge.net/project/showfiles.php?group_id=78146

Davenport WebDAV Client 0.9.8

• Davenport Davenport 0.9.10
  
  http://sourceforge.net/project/showfiles.php?group_id=78146

Davenport WebDAV Client 0.9.9

• Davenport Davenport 0.9.10
  
  http://sourceforge.net/project/showfiles.php?group_id=78146

来源: XF
名称: davenport-long-xml-dos(17062)
链接:http://xforce.iss.net/xforce/xfdb/17062

来源: BID
名称: 11001
链接:http://www.securityfocus.com/bid/11001

来源: OSVDB
名称: 9105
链接:http://www.osvdb.org/9105

来源: sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=262497

来源: SECTRACK
名称: 1011030
链接:http://securitytracker.com/id?1011030

来源: SECUNIA
名称: 12337
链接:http://secunia.com/advisories/12337

来源: sourceforge.net
链接:http://sourceforge.net/mailarchive/forum.php?thread_id=5385243&forum_id=33977