Davenport before 0.9.10 allows attackers to cause a denial of service (resource consumption) via (1) a very large XML file or (2) entity expansion attacks.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Davenport | Davenport | 0.8.0 (including) | 0.8.0 (including) |
| Davenport | Davenport | 0.9.0 (including) | 0.9.0 (including) |
| Davenport | Davenport | 0.9.5 (including) | 0.9.5 (including) |
| Davenport | Davenport | 0.9.6 (including) | 0.9.6 (including) |
| Davenport | Davenport | 0.9.7 (including) | 0.9.7 (including) |
| Davenport | Davenport | 0.9.8 (including) | 0.9.8 (including) |
| Davenport | Davenport | 0.9.9 (including) | 0.9.9 (including) |
References
- http://secunia.com/advisories/12337
- http://securitytracker.com/id?1011030
- http://sourceforge.net/mailarchive/forum.php?thread_id=5385243\u0026forum_id=33977
- http://sourceforge.net/project/shownotes.php?release_id=262497
- http://www.osvdb.org/9105
- http://www.securityfocus.com/bid/11001
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17062
- http://secunia.com/advisories/12337
- http://securitytracker.com/id?1011030
- http://sourceforge.net/mailarchive/forum.php?thread_id=5385243\u0026forum_id=33977
- http://sourceforge.net/project/shownotes.php?release_id=262497
- http://www.osvdb.org/9105
- http://www.securityfocus.com/bid/11001
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17062