CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
AI Score
Confidence
Low
EPSS
Percentile
78.1%
The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.
Vendor | Product | Version | CPE |
---|---|---|---|
process-one | ejabberd | 2.1.8 | cpe:2.3:a:process-one:ejabberd:2.1.8:*:*:*:*:*:*:* |
process-one | ejabberd | 3.0.0 | cpe:2.3:a:process-one:ejabberd:3.0.0:alpha3:*:*:*:*:*:* |