4 matches found
GLSA-201406-35 : Openfire: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201406-35 Openfire: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Openfire. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2741. Reason: This candidate is a duplicate of CVE-2014-2741. Notes: All CVE users should reference CVE-2014-2741 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2014-0360
CVE-2014-0360 is a duplicate of CVE-2014-2741 and corresponds to an Openfire XMPP-layer DoS issue. Affected software: Openfire prior to 3.9.2, due to improper restriction in nio/XMLLightweightParser.java that allows crafted XMPP streams with compressed XML to cause resource exhaustion (xmppbomb)....
CVE-2014-2741
Openfire before 3.9.2 is affected by a denial-of-service due to improper restriction in nio/XMLLightweightParser.java when processing compressed XML in XMPP streams (xmppbomb). Exploitation can exhaust resources on the server via crafted XMPP traffic. The issue is fixed in Openfire 3.9.2 and late...