Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2011-1753

Published: 21/06/2011 Updated: 17/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Ejabberd

Vulnerability Summary

expat_erl.c in ejabberd prior to 2.1.7 and 3.x prior to 3.0.0-alpha-3, and exmpp prior to 0.9.7, does not properly detect recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Vulnerable Product Search on Vulmon Subscribe to Product

process-one ejabberd 2.0.5

process-one ejabberd 2.0.4

process-one ejabberd 1.1.1.1

process-one ejabberd 1.1.0

process-one ejabberd 1.1.1

process-one ejabberd 1.1.14

process-one ejabberd 2.1.2

process-one ejabberd 2.1.1

process-one ejabberd 2.0.3

process-one ejabberd 0.9.1

process-one ejabberd 1.1.1.0

process-one ejabberd 2.0.0

process-one ejabberd 3.0.0

process-one ejabberd 2.1.0

process-one ejabberd 1.0.0

process-one ejabberd 0.9

process-one ejabberd 1.1.3

process-one ejabberd 2.1.5

process-one ejabberd

process-one ejabberd 1.1.2

process-one ejabberd 0.9.8

process-one ejabberd 2.0.2

process-one ejabberd 2.0.1_2

process-one ejabberd 2.1.3

process-one ejabberd 2.1.4

process-one exmpp 0.9.1

process-one exmpp

process-one exmpp 0.9.4

process-one exmpp 0.9.5

process-one exmpp 0.9.2

process-one exmpp 0.9.3

Vendor Advisories

Debian Security Advisories: DSA-2248-1 ejabberd -- denial of service
Wouter Coekaerts discovered that ejabberd, a distributed XMPP/Jabber server written in Erlang, is vulnerable to the so-called billion laughs attack because it does not prevent entity expansion on received data This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML data to it For the oldst ...

References

CWE-399http://secunia.com/advisories/44807http://www.debian.org/security/2011/dsa-2248http://www.ejabberd.im/ejabberd-2.1.7http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.7/https://bugzilla.redhat.com/show_bug.cgi?id=700454http://secunia.com/advisories/44765https://git.process-one.net/ejabberd/mainline/commit/bd1df027c622e1f96f9eeaac612a6a956c1ff0b6http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062099.htmlhttp://secunia.com/advisories/45120http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062145.htmlhttp://www.securityfocus.com/bid/48072https://exchange.xforce.ibmcloud.com/vulnerabilities/67769https://nvd.nist.govhttps://www.debian.org/security/./dsa-2248
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook