Back to search
CVE-2011-2206
Published: Jun 22, 2011
Modified: Sep 16, 2024
PUBLISHED
Description
XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20110615 Re: CVE Request: prosody DoS, djabberd external entity injection
mailing-list
x_refsource_MLIST
https://raw.github.com/djabberd/DJabberd/master/CHANGES
x_refsource_CONFIRM
[djabberd] 20110613 Security Release DJabberd 0.85
mailing-list
x_refsource_MLIST
[oss-security] 20110614 CVE Request: prosody DoS, djabberd external entity injection
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now