CVE-2014-2741
Published 2014-04-11
Priority: P3, 35, high; CVSS 2.0: 7.8
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS: 3.77% (88.6th percentile)
nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| igniterealtime | openfire | <= 3.9.1 | — |
GHSA
Ignite Realtime Openfire vulnerable to XMPPbomb attack
ghsa·2022-05-17
CVE-2014-2741 [HIGH] CWE-400 Ignite Realtime Openfire vulnerable to XMPPbomb attack
OSV
Ignite Realtime Openfire vulnerable to XMPPbomb attack
osv·2022-05-17
CVE-2014-2741 [HIGH] Ignite Realtime Openfire vulnerable to XMPPbomb attack
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://community.igniterealtime.org/thread/52317
http://fisheye.igniterealtime.org/changelog/openfiregit?cs=3aec383e07ee893b77396fe946766bbd3758af77
http://openwall.com/lists/oss-security/2014/04/07/7
http://openwall.com/lists/oss-security/2014/04/09/1
http://www.kb.cert.org/vuls/id/495476
http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/