2 matches found
CVE-2014-2743
plugins/modcompression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...
CVE-2014-2743
Lightwitch Metronome up to version 3.4 is affected by a flaw in plugins/mod_compression.lua that does not properly restrict processing of compressed XML elements. This enables remote attackers to cause denial of service by sending a crafted XMPP stream (an “xmppbomb” attack), compromising availab...