CVE-2011-1755
published 2011-06-21
high 7.5 CVSS 3.1
AV:N AC:L PR:N UI:N S:U C:N I:N A:H
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | < 10.6.8 | 10.6.8 |
| apple | mac_os_x | >= 10.7.0 < 10.7.2 | 10.7.2 |
| apple | mac_os_x_server | < 10.6.8 | 10.6.8 |
| apple | mac_os_x_server | >= 10.7.0 < 10.7.2 | 10.7.2 |
| debian | jabberd2 | < jabberd2 2.2.8-2.1 (bookworm) | jabberd2 2.2.8-2.1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| jabberd2 | jabberd2 | < 2.2.14 | 2.2.14 |
| jabberd2 | jabberd2 | >= 0 < 2.2.8-2.1 | 2.2.8-2.1 |
| jabberd2 | jabberd2 | >= 0 < 2.2.8-2.1 | 2.2.8-2.1 |
| jabberd2 | jabberd2 | >= 0 < 2.2.8-2.1 | 2.2.8-2.1 |
| jabberd2 | jabberd2 | >= 0 < 2.2.8-2.1 | 2.2.8-2.1 |
CVSS provenance
nvd v3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv 6.5 MEDIUM