CVE: CVE-2008-1700

Export to Word

The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to cause a denial of service (memory consumption) via a large number of SendNrlLink directives, which opens a separate window for each directive.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

S10 – Denial of Service

EPSS

Score: 0.00701
Percentile: 0.71075

CVSS Scoring

CVSS v2 Score: 7.1

Severity:

Mapped CWE(s)

CWE-770 : Allocation of Resources Without Limits or Throttling

All CAPEC(s)

CAPEC-125: Flooding
CAPEC-130: Excessive Allocation
CAPEC-147: XML Ping of the Death
CAPEC-197: Exponential Data Expansion
CAPEC-229: Serialized Data Parameter Blowup
CAPEC-230: Serialized Data with Nested Payloads
CAPEC-231: Oversized Serialized Data Payloads
CAPEC-469: HTTP DoS
CAPEC-482: TCP Flood
CAPEC-486: UDP Flood
CAPEC-487: ICMP Flood
CAPEC-488: HTTP Flood
CAPEC-489: SSL Flood
CAPEC-490: Amplification
CAPEC-491: Quadratic Data Expansion
CAPEC-493: SOAP Array Blowup
CAPEC-494: TCP Fragmentation
CAPEC-495: UDP Fragmentation
CAPEC-496: ICMP Fragmentation
CAPEC-528: XML Flood

CAPEC(s) with Mapped TTPs

CAPEC-125: Flooding
Mapped TTPs:
- T1498.001 : Direct Network Flood
- T1499 : Endpoint Denial of Service
CAPEC-130: Excessive Allocation
Mapped TTPs:
- T1499.003 : Application Exhaustion Flood
CAPEC-469: HTTP DoS
Mapped TTPs:
- T1499.002 : Service Exhaustion Flood
CAPEC-482: TCP Flood
Mapped TTPs:
- T1498.001 : Direct Network Flood
- T1499.001 : OS Exhaustion Flood
- T1499.002 : Service Exhaustion Flood
CAPEC-488: HTTP Flood
Mapped TTPs:
- T1499.002 : Service Exhaustion Flood
CAPEC-489: SSL Flood
Mapped TTPs:
- T1499.002 : Service Exhaustion Flood
CAPEC-490: Amplification
Mapped TTPs:
- T1498.002 : Reflection Amplification
CAPEC-528: XML Flood
Mapped TTPs:
- T1499.002 : Service Exhaustion Flood
- T1498.001 : Direct Network Flood

Mapped ATT&CK TTPs

T1498.001 : Direct Network Flood
Kill Chain: impact
T1499 : Endpoint Denial of Service
Kill Chain: impact
T1499.003 : Application Exhaustion Flood
Kill Chain: impact
T1499.002 : Service Exhaustion Flood
Kill Chain: impact
T1498.001 : Direct Network Flood
Kill Chain: impact
T1499.001 : OS Exhaustion Flood
Kill Chain: impact
T1499.002 : Service Exhaustion Flood
Kill Chain: impact
T1499.002 : Service Exhaustion Flood
Kill Chain: impact
T1499.002 : Service Exhaustion Flood
Kill Chain: impact
T1498.002 : Reflection Amplification
Kill Chain: impact
T1499.002 : Service Exhaustion Flood
Kill Chain: impact
T1498.001 : Direct Network Flood
Kill Chain: impact

Malware

APTs Threat Group Associations

Sandworm Team

Campaigns

Affected Products

cpe:2.3:a:interwoven:worksite_web:*:*:*:*:*:*:*:*

← Back to Home