Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2206


Vulnerability Score 5.5 5.5
CVE Id CVE-2011-2206
Last Modified 28 Jun 2011 12:00:00
Published 22 Jun 2011 06:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE


Summary in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757.

Vulnerable Systems


  • Brad Fitzpatrick Djabberd 0.80

  • Brad Fitzpatrick Djabberd 0.81

  • Brad Fitzpatrick Djabberd 0.82

  • Brad Fitzpatrick Djabberd 0.83

  • Brad Fitzpatrick Djabberd 0.84



MLIST - [oss-security] 20110615 Re: CVE Request: prosody DoS, djabberd external entity injection

MLIST - [oss-security] 20110614 CVE Request: prosody DoS, djabberd external entity injection


MLIST - [djabberd] 20110613 Security Release DJabberd 0.85

Last Updated: 27 May 2016 10:56:57