CVE-2011-1755
CVE-2011-1755
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLoghttp://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-June/061341.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-June/061458.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-June/061482.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=700390http://secunia.com/advisories/44787http://secunia.com/advisories/44957http://secunia.com/advisories/45112https://exchange.xforce.ibmcloud.com/vulnerabilities/67770https://hermes.opensuse.org/messages/9197650http://support.apple.com/kb/HT5002