10 matches found
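Apple iChat Server XMPP Dialback Protection Component Security Bypass Vulnerability
Bugtraq ID: 55294 CVE ID: CVE-2012-4672 Apple iChat Server is based on jabberd14 and is named after Apple's iChat online chat client. The XMPP dialback protocol implementation in Apple iChat Server has a security flaw: it does not correctly validate "Verify Response" and "Authorization Response" messages. A rogue XMPP server can exploit this flaw to spoof one or more domains when communicating with an affected server implementation, which can lead to a bypass of XMPP server dialback protection. Apple iChat Server. Vendor solution: No detailed solution is currently available:...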
Debian: Security Advisory (DSA-2249-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 2249-1 (jabberd14)
The remote host is missing an update to jabberd14 announced via advisory DSA 2249-1. OpenVAS Vulnerability Test $Id: deb22491.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2249-1 (jabberd14) Authors: Thomas Reinke Copyright: Copyright (c) 2011 E-Soft Inc...
CVE-2011-1754
jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564...
Code injection
jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564...
CVE-2011-1754
Technical details for CVE-2011-1754 are not publicly provided in the supplied connected documents. The description notes a DoS via XML entity expansion but no vendor/product/version specifics here. Monitor for updates and rely on official advisories for remediation.
CVE-2011-1754
jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564...
Debian DSA-2249-1 : jabberd14 - denial of service
Wouter Coekaerts discovered that jabberd14, an instant messaging server using the Jabber/XMPP protocol, is vulnerable to the so-called 'billion laughs' attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the...
[SECURITY] [DSA 2249-1] jabberd14 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2249-1 [email protected] http://www.debian.org/security/ Nico Golde March 31, 2011 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2249-1] jabberd14 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2249-1 [email protected] http://www.debian.org/security/ Nico Golde March 31, 2011 http://www.debian.org/security/faq -...