Lucene search
HistoryJun 21, 2011 - 2:52 a.m.
CVE-2011-1754
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
7
Confidence
High
EPSS
0.013
Percentile
86.0%
jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Affected configurations
Node
jabberdjabberd14Range≤1.6.1.1
ORjabberdjabberd14Match1.4.1
ORjabberdjabberd14Match1.4.2
ORjabberdjabberd14Match1.4.3
ORjabberdjabberd14Match1.4.3.1
ORjabberdjabberd14Match1.4.4
ORjabberdjabberd14Match1.6.0
ORjabberdjabberd14Match1.6.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| jabberd | jabberd14 | * | cpe:2.3:a:jabberd:jabberd14:*:*:*:*:*:*:*:* |
| jabberd | jabberd14 | 1.4.1 | cpe:2.3:a:jabberd:jabberd14:1.4.1:*:*:*:*:*:*:* |
| jabberd | jabberd14 | 1.4.2 | cpe:2.3:a:jabberd:jabberd14:1.4.2:*:*:*:*:*:*:* |
| jabberd | jabberd14 | 1.4.3 | cpe:2.3:a:jabberd:jabberd14:1.4.3:*:*:*:*:*:*:* |
| jabberd | jabberd14 | 1.4.3.1 | cpe:2.3:a:jabberd:jabberd14:1.4.3.1:*:*:*:*:*:*:* |
| jabberd | jabberd14 | 1.4.4 | cpe:2.3:a:jabberd:jabberd14:1.4.4:*:*:*:*:*:*:* |
| jabberd | jabberd14 | 1.6.0 | cpe:2.3:a:jabberd:jabberd14:1.6.0:*:*:*:*:*:*:* |
| jabberd | jabberd14 | 1.6.1 | cpe:2.3:a:jabberd:jabberd14:1.6.1:*:*:*:*:*:*:* |
Related
prion
prion
cve
cve
cvelist
cvelist
ubuntucve
ubuntucve
nvd
nvd
securityvulns
securityvulns
[SECURITY] [DSA 2249-1] jabberd14 security update
2011-06-02 00:00:00
Citadel Jabber server / Jabberd / ejabberd DoS
2011-06-02 00:00:00
[ MDVSA-2009:221 ] libneon0.27
2009-08-25 00:00:00
openvas
openvas
Debian Security Advisory DSA 2249-1 (jabberd14)
2011-08-03 00:00:00
Debian: Security Advisory (DSA-2249-1)
2011-08-03 00:00:00
Huawei EulerOS: Security Advisory for qt (EulerOS-SA-2020-1323)
2020-03-24 00:00:00
nessus
nessus
Debian DSA-2249-1 : jabberd14 - denial of service
2011-06-10 00:00:00
EulerOS 2.0 SP8 : qt (EulerOS-SA-2020-1299)
2020-03-23 00:00:00
openSUSE 15 Security Update : snakeyaml (openSUSE-SU-2021:1876-1)
2021-07-16 00:00:00
debian
debian
[SECURITY] [DSA 2249-1] jabberd14 security update
2011-05-31 21:06:46
freebsd
freebsd
ejabberd -- remote denial of service vulnerability
2011-04-27 00:00:00
debiancve
debiancve
github
github
SnakeYAML Entity Expansion during load operation
2021-06-04 21:37:45
JBossWS vulnerable to uncontrolled recursion
2022-05-13 01:39:29
osv
osv
CVE-2017-18640
2019-12-12 03:15:10
JBossWS vulnerable to uncontrolled recursion
2022-05-13 01:39:29
SnakeYAML Entity Expansion during load operation
2021-06-04 21:37:45
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:53:01
centos
centos
libxml2 security update
2008-09-12 01:23:56
redhatcve
redhatcve
CVE-2017-18640
2020-04-08 21:02:33
redhat
redhat
(RHSA-2008:0886) Important: libxml2 security update
2008-09-11 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
7
Confidence
High
EPSS
0.013
Percentile
86.0%
Related for NVD:CVE-2011-1754