CVE

CVE-2011-1755
Date: (C)2011-06-20   (M)2024-02-09


jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 7.5
Exploit Score: 3.9
Impact Score: 3.6

CVSS V2 Severity:
CVSS Score: 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Reference:
SECUNIA-44787
SECUNIA-44957
SECUNIA-45112
BID-48250
APPLE-SA-2011-10-12-3
FEDORA-2011-7801
FEDORA-2011-7805
FEDORA-2011-7818
RHSA-2011:0881
RHSA-2011:0882
SUSE-SU-2011:0741
http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01655.html
http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog
http://support.apple.com/kb/HT5002
https://bugzilla.redhat.com/show_bug.cgi?id=700390
jabberd-xml-entity-dos(67770)

CWE    1
CWE-776
OVAL    4
oval:org.secpod.oval:def:3159
oval:org.secpod.oval:def:102710
oval:org.secpod.oval:def:102709
oval:org.secpod.oval:def:102828
...

© SecPod Technologies