Lucene search

K

PRIOn knowledge basePRION:CVE-2011-2205

HistoryJun 22, 2011 - 9:55 p.m.

Code injection

2011-06-2221:55:00

PRIOn knowledge base

www.prio-n.com

4

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.7%

Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CPENameOperatorVersion
prosodyeq0.6.0
prosodyeq0.6
prosodyeq0.4.2
prosodyeq0.8
prosodyeq0.5.0
prosodyeq0.6.1
prosodyeq0.5.2
prosodyeq0.7
prosodyeq0.4.0
prosodyeq0.7.0

Rows per page:

1-10 of 161

References

blog.prosody.im/prosody-0-8-1-released/

hg.prosody.im/0.8/rev/5305a665bdd4

hg.prosody.im/0.8/rev/ee6a18f10a8d

prosody.im/doc/release/0.8.1

secunia.com/advisories/44852

www.openwall.com/lists/oss-security/2011/06/14/6

www.openwall.com/lists/oss-security/2011/06/15/5

www.securityfocus.com/bid/48125

exchange.xforce.ibmcloud.com/vulnerabilities/67884

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.7%

Related for PRION:CVE-2011-2205

cve29 debiancve11 ubuntucve13 prion27 nessus20 freebsd1 openvas22 osv3 veracode1 github2 centos1 redhatcve1 redhat1 securityvulns1