CVE-2011-1756

Published: 21/06/2011 Updated: 26/10/2011
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

modules/xmpp/serv_xmpp.c in Citadel 7.86 and previous versions does not properly detect recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
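One way a server can close off this class of bug is to refuse any entity declaration in XML received from the network, so that nested references are never expanded. The sketch below is an added example using Python's expat binding; it is not Citadel's code or its actual patch, and the function names and sample inputs are constructed for illustration.

```python
import xml.parsers.expat

# Constructed sample inputs, split into chunks as they might arrive from a socket.
CLEAN = [b"<stream><message to='a@example.org'>", b"<body>hi</body></message></stream>"]
NESTED = [b"<!DOCTYPE s [<!ENTITY a 'x'><!ENTITY b '&a;&a;'>]>", b"<s>&b;</s>"]
TRUNCATED = [b"<stream><unclosed>"]


class EntityDeclarationRejected(Exception):
    """Raised as soon as untrusted XML declares any entity."""


def _reject_entity(name, is_param, value, base, system_id, public_id, notation):
    # Called by expat for every <!ENTITY ...> declaration, before any
    # reference to it can be expanded. Raising aborts the parse.
    raise EntityDeclarationRejected(name)


def parse_untrusted(chunks):
    """Parse chunks incrementally; return (status, element names seen)."""
    seen = []
    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = _reject_entity
    parser.StartElementHandler = lambda name, attrs: seen.append(name)
    try:
        for chunk in chunks:
            parser.Parse(chunk, False)
        parser.Parse(b"", True)  # signal end of input
    except EntityDeclarationRejected:
        return "entity-declared", seen
    except xml.parsers.expat.ExpatError:
        return "malformed", seen
    return "ok", seen


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("nested", NESTED), ("truncated", TRUNCATED)):
        print(label, parse_untrusted(sample))
```

Because the handler fires on the declaration itself, the connection can be dropped before the body that references the entities is even read.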

Vulnerable Product

citadel citadel

citadel citadel 7.80

citadel citadel 7.81

citadel citadel 7.82

citadel citadel 7.84

citadel citadel 7.50

citadel citadel 7.60

citadel citadel 7.11

Vendor Advisories

Wouter Coekaerts discovered that the Jabber server component of Citadel, a complete and feature-rich groupware server, is vulnerable to the so-called billion laughs attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML d ...