
CVE-2011-1756

Date: (C)2011-06-20   (M)2023-12-22


modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-44788
BID-48071
DSA-2250
http://code.citadel.org/cgit.cgi/git.citadel.org/commit/?id=27c991cc2059f5530d3d4e9689dc976b745f5b0c
http://code.citadel.org/cgit.cgi/git.citadel.org/commit/?id=95040add546a705cc2d1d8f16293141f9f9845a6
http://packages.debian.org/changelogs/pool/main/c/citadel/citadel_7.37-8+lenny1/changelog
http://packages.debian.org/changelogs/pool/main/c/citadel/citadel_7.83-2squeeze2/changelog
http://security.debian.org/debian-security/pool/updates/main/c/citadel/citadel_7.83-2squeeze2.diff.gz

CWE:
CWE-399

OVAL:
oval:org.secpod.oval:def:600536

© SecPod Technologies