plugins/mod_compression.lua in (1) Prosody prior to 0.9.4 and (2) Lightwitch Metronome up to and including 3.4 negotiates stream compression while a session is unauthenticated, which allows remote malicious users to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an "xmppbomb" attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lightwitch metronome |
||
prosody prosody 0.6.2 |
||
prosody prosody 0.6.0 |
||
prosody prosody 0.4.1 |
||
prosody prosody 0.5.0 |
||
prosody prosody 0.5.1 |
||
prosody prosody 0.4.2 |
||
prosody prosody 0.5.2 |
||
prosody prosody 0.6.1 |
||
prosody prosody |
||
prosody prosody 0.9.1 |
||
prosody prosody 0.4.0 |
||
prosody prosody 0.2.0 |
||
prosody prosody 0.7.0 |
||
prosody prosody 0.8.1 |
||
prosody prosody 0.9.0 |
||
prosody prosody 0.8.2 |
||
prosody prosody 0.8.0 |
||
prosody prosody 0.1.0 |
||
prosody prosody 0.3.0 |
||
prosody prosody 0.9.2 |