Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-1755
Last Modified: 29 Oct 2011 11:35:54
Published: 20 Jun 2011 10:52:43
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-1755

Summary

jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Vulnerable Systems

Application

  • Jabberd2 2.1

  • Jabberd2 2.1.1

  • Jabberd2 2.1.10

  • Jabberd2 2.1.11

  • Jabberd2 2.1.12

  • Jabberd2 2.1.13

  • Jabberd2 2.1.14

  • Jabberd2 2.1.15

  • Jabberd2 2.1.16

  • Jabberd2 2.1.17

  • Jabberd2 2.1.18

  • Jabberd2 2.1.19

  • Jabberd2 2.1.2

  • Jabberd2 2.1.20

  • Jabberd2 2.1.21

  • Jabberd2 2.1.22

  • Jabberd2 2.1.23

  • Jabberd2 2.1.24

  • Jabberd2 2.1.3

  • Jabberd2 2.1.4

  • Jabberd2 2.1.5

  • Jabberd2 2.1.6

  • Jabberd2 2.1.7

  • Jabberd2 2.1.8

  • Jabberd2 2.1.9

  • Jabberd2 2.2.0

  • Jabberd2 2.2.1

  • Jabberd2 2.2.10

  • Jabberd2 2.2.11

  • Jabberd2 2.2.12

  • Jabberd2 2.2.13

  • Jabberd2 2.2.2

  • Jabberd2 2.2.3

  • Jabberd2 2.2.4

  • Jabberd2 2.2.5

  • Jabberd2 2.2.6

  • Jabberd2 2.2.7

  • Jabberd2 2.2.7.1

  • Jabberd2 2.2.8

  • Jabberd2 2.2.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=700390

MLIST - [jabberd2] 20110531 jabberd-2.2.14 release

SUSE - SUSE-SU-2011:0741

XF - jabberd-xml-entity-dos(67770)

BID - 48250

REDHAT - RHSA-2011:0882

REDHAT - RHSA-2011:0881

CONFIRM - http://support.apple.com/kb/HT5002

SECUNIA - 45112

SECUNIA - 44957

SECUNIA - 44787

FEDORA - FEDORA-2011-7818

FEDORA - FEDORA-2011-7805

FEDORA - FEDORA-2011-7801

APPLE - APPLE-SA-2011-10-12-3

CONFIRM - http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog

Related Patches

Apple 2011-10-12 Mac OS X 10.7.2 Combo Update

Apple 2011-10-12 Mac OS X Server 10.7.2 Update

Apple 2011-10-12 Mac OS X 10.7.2 Update

Apple 2011-10-12 Mac OS X Server 10.7.2 Combo Update

Apple 2011-10-12 Security Update 2011-006 (Snow Leopard)

Apple 2011-10-12 Security Update 2011-006 Server (Snow Leopard)


Last Updated: 27 May 2016 10:56:26