Executive Summary

Name CVE-2008-1700 First vendor Publication 2008-04-08
Vendor Cve Last vendor Modification 2017-08-08

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to cause a denial of service (memory consumption) via a large number of SendNrlLink directives, which opens a separate window for each directive.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1700

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-2 Inducing Account Lockout
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-99 XML Parser Attack
CAPEC-119 Resource Depletion
CAPEC-121 Locate and Exploit Test APIs
CAPEC-125 Resource Depletion through Flooding
CAPEC-130 Resource Depletion through Allocation
CAPEC-147 XML Ping of Death
CAPEC-197 XEE (XML Entity Expansion)
CAPEC-227 Denial of Service through Resource Depletion
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message
CAPEC-229 XML Attribute Blowup

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

CPE : Common Platform Enumeration

Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
44281 Interwoven WorkSite Web TransferCtrl Class ActiveX (iManFile.cab) SendNrlLink...

Sources (Detail)

Source Url
MISC http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-...
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/41757

Alert History

If you want to see full details history, please login or register.
Date Informations
2020-05-23 01:39:21
  • Multiple Updates
2020-05-23 00:21:33
  • Multiple Updates
2017-08-08 09:24:00
  • Multiple Updates
2013-05-11 00:14:38
  • Multiple Updates