Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request)

Related Vulnerabilities: CVE-2022-0217  
                							

oss-sec
mailing list archives
From: Jonas Schäfer <jonas () wielicki name>

Date: Tue, 18 Jan 2022 17:05:50 +0100

On Thursday, 13 January 2022 15:01:11 CET Jonas Schäfer wrote:
> A remote unauthenticated denial of service / resource exhaustion attack was
> discovered in all Prosody servers with WebSockets enabled and publicly
> accessible.
>
> Upstream builds have been started and should be available shortly. The
> closely related Snikket project will publish new images shortly, too. Jitsi
> Meet have been informed ahead of time.
>
> Please see the below advisory for full information.

As promised, attached you'll find instructions for probing for the 
vulnerability.

kind regards,
Jonas

Attachment: instructions.md
Attachment: signature.asc
Description: This is a digitally signed message part.
