Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2011-2205
Last Modified 23 Jun 2011 10:53:28
Published 22 Jun 2011 05:55:01
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2205

Summary

Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Vulnerable Systems

Application

  • Prosody 0.1.0

  • Prosody 0.2.0

  • Prosody 0.3.0

  • Prosody 0.4.0

  • Prosody 0.4.1

  • Prosody 0.4.2

  • Prosody 0.5.0

  • Prosody 0.5.1

  • Prosody 0.5.2

  • Prosody 0.6

  • Prosody 0.6.0

  • Prosody 0.6.1

  • Prosody 0.7

  • Prosody 0.7.0

  • Prosody 0.8

  • Prosody 0.8.0


References

CONFIRM - http://prosody.im/doc/release/0.8.1

CONFIRM - http://hg.prosody.im/0.8/rev/ee6a18f10a8d

CONFIRM - http://hg.prosody.im/0.8/rev/5305a665bdd4

CONFIRM - http://blog.prosody.im/prosody-0-8-1-released/

XF - prosody-xml-dos(67884)

BID - 48125

MLIST - [oss-security] 20110615 Re: CVE Request: prosody DoS, djabberd external entity injection

MLIST - [oss-security] 20110614 CVE Request: prosody DoS, djabberd external entity injection

SECUNIA - 44852


Last Updated: 27 May 2016 10:56:57