QwikSec

Security Database

CVE

CWE

Training

CVE-2011-1753

Published: Jun 21, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

ejabberd-xml-dos(67769)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_DEBIAN

http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.7/

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

https://git.process-one.net/ejabberd/mainline/commit/bd1df027c622e1f96f9eeaac612a6a956c1ff0b6

x_refsource_CONFIRM

FEDORA-2011-8415

vendor-advisory

x_refsource_FEDORA

http://www.ejabberd.im/ejabberd-2.1.7

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=700454

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

FEDORA-2011-8437

vendor-advisory

x_refsource_FEDORA

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.