The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to cause a denial of service (memory consumption) via a large number of SendNrlLink directives, which opens a separate window for each directive.
References
Link | Resource |
---|---|
http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf | Broken Link Exploit |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41757 | Third Party Advisory VDB Entry |
Configurations
History
02 Feb 2024, 03:07
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.1
v3 : unknown |
CWE | CWE-770 | |
References | (MISC) http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf - Broken Link, Exploit | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/41757 - Third Party Advisory, VDB Entry |
Information
Published : 2008-04-08 18:05
Updated : 2024-02-28 11:21
NVD link : CVE-2008-1700
Mitre link : CVE-2008-1700
CVE.ORG link : CVE-2008-1700
JSON object : View
Products Affected
interwoven
- worksite_web
CWE
CWE-770
Allocation of Resources Without Limits or Throttling