Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2011-1755
Description:jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Test IDs: 1.3.6.1.4.1.25623.1.0.69879   1.3.6.1.4.1.25623.1.0.69875   1.3.6.1.4.1.25623.1.0.69860   1.3.6.1.4.1.25623.1.0.863291   1.3.6.1.4.1.25623.1.0.863289   1.3.6.1.4.1.25623.1.0.863276  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2011-1755
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 48250
http://www.securityfocus.com/bid/48250
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061341.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061458.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061482.html
http://www.mail-archive.com/jabberd2@lists.xiaoka.com/msg01655.html
RedHat Security Advisories: RHSA-2011:0881
http://www.redhat.com/support/errata/RHSA-2011-0881.html
RedHat Security Advisories: RHSA-2011:0882
http://www.redhat.com/support/errata/RHSA-2011-0882.html
http://secunia.com/advisories/44787
http://secunia.com/advisories/44957
http://secunia.com/advisories/45112
SuSE Security Announcement: SUSE-SU-2011:0741 (Google Search)
https://hermes.opensuse.org/messages/9197650
XForce ISS Database: jabberd-xml-entity-dos(67770)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67770




© 1998-2024 E-Soft Inc. All rights reserved.