Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.5
CVE Id: CVE-2011-2206
Last Modified: 28 Jun 2011 12:00:00
Published: 22 Jun 2011 06:55:04
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2011-2206

Summary

XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757.

Vulnerable Systems

Application

  • Brad Fitzpatrick Djabberd 0.80

  • Brad Fitzpatrick Djabberd 0.81

  • Brad Fitzpatrick Djabberd 0.82

  • Brad Fitzpatrick Djabberd 0.83

  • Brad Fitzpatrick Djabberd 0.84


References

CONFIRM - https://github.com/djabberd/DJabberd/commit/b41d6dc247a175fe8e092d6ec2c460826fa62992

MLIST - [oss-security] 20110615 Re: CVE Request: prosody DoS, djabberd external entity injection

MLIST - [oss-security] 20110614 CVE Request: prosody DoS, djabberd external entity injection

CONFIRM - https://raw.github.com/djabberd/DJabberd/master/CHANGES

MLIST - [djabberd] 20110613 Security Release DJabberd 0.85


Last Updated: 27 May 2016 10:56:57