Back to search
CVE-2011-1755
Published: Jun 21, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
jabberd-xml-entity-dos(67770)
vdb-entry
x_refsource_XF
http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog
x_refsource_CONFIRM
44957
third-party-advisory
x_refsource_SECUNIA
44787
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2011-10-12-3
vendor-advisory
x_refsource_APPLE
FEDORA-2011-7801
vendor-advisory
x_refsource_FEDORA
RHSA-2011:0881
vendor-advisory
x_refsource_REDHAT
SUSE-SU-2011:0741
vendor-advisory
x_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=700390
x_refsource_CONFIRM
FEDORA-2011-7805
vendor-advisory
x_refsource_FEDORA
RHSA-2011:0882
vendor-advisory
x_refsource_REDHAT
48250
vdb-entry
x_refsource_BID
FEDORA-2011-7818
vendor-advisory
x_refsource_FEDORA
http://support.apple.com/kb/HT5002
x_refsource_CONFIRM
45112
third-party-advisory
x_refsource_SECUNIA
[jabberd2] 20110531 jabberd-2.2.14 release
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now