5
CVE-2011-2205
- EPSS 2.07%
- Veröffentlicht 22.06.2011 21:55:01
- Zuletzt bearbeitet 16.06.2026 23:30:55
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.07% | 0.79 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
http://blog.prosody.im/prosody-0-8-1-released/
http://hg.prosody.im/0.8/rev/5305a665bdd4
http://hg.prosody.im/0.8/rev/ee6a18f10a8d
http://prosody.im/doc/release/0.8.1
http://secunia.com/advisories/44852
http://www.openwall.com/lists/oss-security/2011/06/14/6
http://www.openwall.com/lists/oss-security/2011/06/15/5
http://www.securityfocus.com/bid/48125
https://exchange.xforce.ibmcloud.com/vulnerabilities/67884