CVE-2011-2205

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 22-06-2011 11:55

Last modified: - 22-09-2022 03:00

Total changes: - 2

Description

Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

5.0

Base score

10.0

2.9

Exploitability score

Impact score

Verification logic

Reference

http://blog.prosody.im/prosody-0-8-1-released/
44852-Vendor Advisory
http://hg.prosody.im/0.8/rev/5305a665bdd4
48125-
http://hg.prosody.im/0.8/rev/ee6a18f10a8d
http://prosody.im/doc/release/0.8.1
[oss-security] 20110615 Re: CVE Request: prosody DoS, djabberd external entity injection-
[oss-security] 20110614 CVE Request: prosody DoS, djabberd external entity injection-
prosody-xml-dos(67884)-

Keywords

CVE-2011-2205

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2011-2205

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures