Computer Security


Citadel Jabber server / Jabberd / ejabberd DoS
Published: 02.06.2011
SecurityVulns ID: 11705
Type: remote
Threat Level: 5/10
Description: DoS on XML data parsing.
Affected: EJABBERD : ejabberd 2.1
 CITADEL : citadel 7.83
 JABBERD : jabberd 1.6
CVE: CVE-2011-1756 (modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.)
 CVE-2011-1754 (jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.)
 CVE-2011-1753 (expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.)
Original document: DEBIAN, [SECURITY] [DSA 2248-1] ejabberd security update (02.06.2011)
 DEBIAN, [SECURITY] [DSA 2249-1] jabberd14 security update (02.06.2011)
 DEBIAN, [SECURITY] [DSA 2250-1] citadel security update (02.06.2011)
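
Added example (not part of the advisory, and not the patch applied by ejabberd, jabberd14 or Citadel): a sketch of one defensive approach to the entity-expansion issue described above, using Python's binding to the Expat parser. It aborts parsing as soon as a DOCTYPE appears, so no entity is ever declared or expanded; this relies on the XMPP core specification forbidding DTD subsets in streams. The names `parse_stanza`, `ForbiddenXML`, `is_acceptable` and the sample stanzas are constructed for illustration.

```python
from xml.parsers import expat


class ForbiddenXML(Exception):
    """Raised when a stanza carries a DOCTYPE (and so could declare entities)."""


def parse_stanza(data: bytes) -> list:
    """Parse one stanza and return its (tag, attributes) pairs.

    Entity declarations can only appear inside a DTD, so refusing the
    DOCTYPE stops the parser before any nested entity is defined.
    """
    elements = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # An exception raised in a handler aborts Parse() immediately.
        raise ForbiddenXML("DOCTYPE declaration in stanza")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = lambda tag, attrs: elements.append((tag, attrs))
    parser.Parse(data, True)
    return elements


def is_acceptable(data: bytes) -> bool:
    """True only for well-formed stanzas that carry no DTD."""
    try:
        parse_stanza(data)
        return True
    except (ForbiddenXML, expat.ExpatError):
        return False


# Constructed sample inputs (not taken from any real traffic).
BENIGN = b"<message to='a@example.org'><body>hi &amp; bye</body></message>"
# Two-level nested entity, the same shape as the issue in the CVE text.
NESTED = (b"<?xml version='1.0'?>"
          b"<!DOCTYPE m [<!ENTITY a 'x'><!ENTITY b '&a;&a;'>]>"
          b"<message><body>&b;</body></message>")
# Reference to an entity that was never declared: Expat rejects it itself.
UNDECLARED = b"<message><body>&b;</body></message>"

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("nested", NESTED),
                          ("undeclared", UNDECLARED)):
        print(label, "accepted" if is_acceptable(sample) else "rejected")
```

The predefined entities such as `&amp;` still parse normally, since they need no declaration.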

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod