CVE-2011-2205

Severity

50%

Complexity

99%

Confidentiality

48%

Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

Prosody

First reported 13 years ago

2011-06-22 21:55:00

Last updated 7 years ago

2017-08-29 01:29:00

Affected Software

Prosody 0.1.0

0.1.0

Prosody 0.2.0

0.2.0

Prosody 0.3.0

0.3.0

Prosody 0.4.0

0.4.0

Prosody 0.4.1

0.4.1

Prosody 0.4.2

0.4.2

Prosody 0.5.0

0.5.0

Prosody 0.5.1

0.5.1

Prosody 0.5.2

0.5.2

Prosody 0.6.0

0.6.0

Prosody 0.6.1

0.6.1

Prosody 0.7.0

0.7.0

References

http://blog.prosody.im/prosody-0-8-1-released/

Patch

http://hg.prosody.im/0.8/rev/5305a665bdd4

Patch

http://hg.prosody.im/0.8/rev/ee6a18f10a8d

Patch

http://prosody.im/doc/release/0.8.1

Patch

44852

Vendor Advisory

[oss-security] 20110614 CVE Request: prosody DoS, djabberd external entity injection

[oss-security] 20110615 Re: CVE Request: prosody DoS, djabberd external entity injection

48125

prosody-xml-dos(67884)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.