CVE-2010-0305

Published: 03/02/2010 Updated: 17/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

ejabberd_c2s.erl in ejabberd prior to 2.1.3 allows remote malicious users to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload.

Vulnerable Product

process-one ejabberd 1.1.2

process-one ejabberd 0.9.8

process-one ejabberd 2.0.2

process-one ejabberd 2.0.1_2

process-one ejabberd 2.1.1

process-one ejabberd 2.0.3

process-one ejabberd 0.9.1

process-one ejabberd 1.1.1.0

process-one ejabberd 1.1.1.1

process-one ejabberd 2.0.0

process-one ejabberd

process-one ejabberd 2.1.0

process-one ejabberd 1.0.0

process-one ejabberd 0.9

process-one ejabberd 1.1.3

process-one ejabberd 2.0.5

process-one ejabberd 2.0.4

process-one ejabberd 1.1.0

process-one ejabberd 1.1.1

process-one ejabberd 1.1.14

Vendor Advisories

Debian Bug report logs - #568383: ejabberd: CVE-2010-0305 remote denial of service via too many client2server messages. Package: ejabberd; Maintainer for ejabberd is Ejabberd Packaging Team <ejabberd@packages.debian.org>; Source for ejabberd is src:ejabberd. Reported by: Nico Golde <nion@debian.org> ...

It was discovered that in ejabberd, a distributed XMPP/Jabber server written in Erlang, a problem in ejabberd_c2s.erl allows remote authenticated users to cause a denial of service by sending a large number of c2s (client2server) messages; that triggers an overload of the queue, which in turn causes a crash of the ejabberd daemon. For the stable di ...