Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2021-32917

Published: 13/05/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Prosody

Vulnerability Summary

An issue exists in Prosody prior to 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

prosody prosody

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Debian CVElist Bug Report Logs: prosody: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921
Debian Bug report logs - #988668 prosody: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921 Package: src:prosody; Maintainer for src:prosody is Debian XMPP Maintainers <pkg-xmpp-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 17 May 2021 17:12:0 ...
Debian Security Advisories: DSA-4916-1 prosody -- security update
Multiple security issues were found in Prosody, a lightweight Jabber/XMPP server, which could result in denial of service or information disclosure For the stable distribution (buster), these problems have been fixed in version 0112-1+deb10u1 We recommend that you upgrade your prosody packages For the detailed security status of prosody please ...
Arch Linux Issues:
A security issue was found in the Prosodyim XMPP server software before version 0119 mod_proxy65 is a file transfer proxy provided with Prosody to facilitate the transfer of files and other data between XMPP clients It was discovered that the proxy65 component of Prosody allows open access by default, even if neither of the users have an XMPP ...

Mailing Lists

Full Disclosure: Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) <!--X-Subject-Header-End--> <!--X-Head-of-Message--> ...

References

CWE-862https://blog.prosody.im/prosody-0.11.9-released/http://www.openwall.com/lists/oss-security/2021/05/13/1http://www.openwall.com/lists/oss-security/2021/05/14/2https://www.debian.org/security/2021/dsa-4916https://security.gentoo.org/glsa/202105-15https://lists.debian.org/debian-lts-announce/2021/06/msg00016.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668https://nvd.nist.govhttps://www.debian.org/security/2021/dsa-4916
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644unprivilegedCVE-2024-3494CVE-2024-22460CVE-2024-26026CVE-2024-23473firewallCVE-2024-28889XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook