2 matches found
DEBIAN-CVE-2014-2745
Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua...
DEBIAN-CVE-2014-2744
plugins/modcompression.lua in 1 Prosody before 0.9.4 and 2 Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service resource consumption via compressed XML elements in an XMPP stream, aka an...