DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2011-06-20 19:52
Updated : 2011-06-27 21:00
NVD link : CVE-2011-1757
Mitre link : CVE-2011-1757
JSON object : View
CWE
CWE-399
Resource Management Errors
Products Affected
brad_fitzpatrick
- djabberd