Lightwitch Metronome vulnerabilities
2 known vulnerabilities affecting lightwitch/metronome.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2014-2743HIGHCVSS 7.8≤ 3.42014-04-11
CVE-2014-2743 [HIGH] CWE-264 CVE-2014-2743: plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does not properly restrict the proce
plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.
nvd
CVE-2014-2744HIGHCVSS 7.8≤ 3.42014-04-11
CVE-2014-2744 [HIGH] CWE-20 CVE-2014-2744: plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 neg
plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an "xmppbomb" attack.
nvd