nio/XMLLightweightParser.java in Ignite Realtime Openfire prior to 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote malicious users to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
igniterealtime openfire |