Summary
Detail | |||
---|---|---|---|
Vendor | Process-One | First view | 2011-06-20 |
Product | Exmpp | Last view | 2011-06-20 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5 | 2011-06-20 | CVE-2011-1753 | expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-399 | Resource Management Errors |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:12946 | DSA-2248-1 ejabberd -- denial of service |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
73170 | ejabberd Entity Expansion Recursion XML Nested Entity Handling DoS |
OpenVAS Exploits
id | Description |
---|---|
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-10 (ejabberd) File : nvt/glsa_201206_10.nasl |
2011-08-03 | Name : Debian Security Advisory DSA 2248-1 (ejabberd) File : nvt/deb_2248_1.nasl |
2011-08-03 | Name : FreeBSD Ports: ejabberd File : nvt/freebsd_ejabberd1.nasl |
2011-07-12 | Name : Fedora Update for ejabberd FEDORA-2011-8415 File : nvt/gb_fedora_2011_8415_ejabberd_fc15.nasl |
2011-07-08 | Name : Fedora Update for ejabberd FEDORA-2011-8437 File : nvt/gb_fedora_2011_8437_ejabberd_fc14.nasl |
2011-06-24 | Name : ejabberd XML Parsing Denial of Service Vulnerability (Windows) File : nvt/secpod_ejabberd_dos_vuln_win.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2013-01-24 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2011-0881.nasl - Type: ACT_GATHER_INFO |
2013-01-24 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2011-0882.nasl - Type: ACT_GATHER_INFO |
2012-06-22 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201206-10.nasl - Type: ACT_GATHER_INFO |
2011-06-30 | Name: The remote Fedora host is missing a security update. File: fedora_2011-8415.nasl - Type: ACT_GATHER_INFO |
2011-06-30 | Name: The remote Fedora host is missing a security update. File: fedora_2011-8437.nasl - Type: ACT_GATHER_INFO |
2011-06-27 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_01d3ab7d9c4311e0bc0f0014a5e3cda6.nasl - Type: ACT_GATHER_INFO |
2011-06-10 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2248.nasl - Type: ACT_GATHER_INFO |