Lucene search

K
cve[email protected]CVE-2014-2745
HistoryApr 11, 2014 - 1:55 a.m.

CVE-2014-2745

2014-04-1101:55:00
CWE-264
web.nvd.nist.gov
35
prosody
xmpp
denial of service
cve-2014-2745
nvd

6.3 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.03 Low

EPSS

Percentile

90.7%

Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an “xmppbomb” attack, related to core/portmanager.lua and util/xmppstream.lua.

6.3 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.03 Low

EPSS

Percentile

90.7%