logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2014-2744

Description

plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an "xmppbomb" attack.


Affected Package


OS OS Version Package Name Package Version
ubuntu 12.04 prosody any
ubuntu 14.04 prosody any
ubuntu upstream prosody 0.9.4-1

Related