This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Process-One First view 2011-06-20
Product Exmpp Last view 2011-06-20
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:process-one:exmpp:0.9.1:*:*:*:*:*:*:* 1
cpe:2.3:a:process-one:exmpp:0.9.4:*:*:*:*:*:*:* 1
cpe:2.3:a:process-one:exmpp:0.9.5:*:*:*:*:*:*:* 1
cpe:2.3:a:process-one:exmpp:0.9.2:*:*:*:*:*:*:* 1
cpe:2.3:a:process-one:exmpp:0.9.3:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
5 2011-06-20 CVE-2011-1753

expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-399 Resource Management Errors

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:12946 DSA-2248-1 ejabberd -- denial of service

Open Source Vulnerability Database (OSVDB)

id Description
73170 ejabberd Entity Expansion Recursion XML Nested Entity Handling DoS

OpenVAS Exploits

id Description
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-10 (ejabberd)
File : nvt/glsa_201206_10.nasl
2011-08-03 Name : Debian Security Advisory DSA 2248-1 (ejabberd)
File : nvt/deb_2248_1.nasl
2011-08-03 Name : FreeBSD Ports: ejabberd
File : nvt/freebsd_ejabberd1.nasl
2011-07-12 Name : Fedora Update for ejabberd FEDORA-2011-8415
File : nvt/gb_fedora_2011_8415_ejabberd_fc15.nasl
2011-07-08 Name : Fedora Update for ejabberd FEDORA-2011-8437
File : nvt/gb_fedora_2011_8437_ejabberd_fc14.nasl
2011-06-24 Name : ejabberd XML Parsing Denial of Service Vulnerability (Windows)
File : nvt/secpod_ejabberd_dos_vuln_win.nasl

Nessus® Vulnerability Scanner

id Description
2013-01-24 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2011-0881.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2011-0882.nasl - Type: ACT_GATHER_INFO
2012-06-22 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201206-10.nasl - Type: ACT_GATHER_INFO
2011-06-30 Name: The remote Fedora host is missing a security update.
File: fedora_2011-8415.nasl - Type: ACT_GATHER_INFO
2011-06-30 Name: The remote Fedora host is missing a security update.
File: fedora_2011-8437.nasl - Type: ACT_GATHER_INFO
2011-06-27 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_01d3ab7d9c4311e0bc0f0014a5e3cda6.nasl - Type: ACT_GATHER_INFO
2011-06-10 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2248.nasl - Type: ACT_GATHER_INFO