Executive Summary

Informations
NameCVE-2011-1753First vendor Publication2011-06-20
VendorCveLast vendor Modification2011-10-29

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1753

CWE : Common Weakness Enumeration

idName
CWE-399Resource Management Errors

CPE : Common Platform Enumeration

TypeDescriptionCount
Application28
Application6

OpenVAS Exploits

DateDescription
2012-08-10Name : Gentoo Security Advisory GLSA 201206-10 (ejabberd)
File : nvt/glsa_201206_10.nasl
2011-08-03Name : Debian Security Advisory DSA 2248-1 (ejabberd)
File : nvt/deb_2248_1.nasl
2011-08-03Name : FreeBSD Ports: ejabberd
File : nvt/freebsd_ejabberd1.nasl
2011-07-12Name : Fedora Update for ejabberd FEDORA-2011-8415
File : nvt/gb_fedora_2011_8415_ejabberd_fc15.nasl
2011-07-08Name : Fedora Update for ejabberd FEDORA-2011-8437
File : nvt/gb_fedora_2011_8437_ejabberd_fc14.nasl
2011-06-24Name : ejabberd XML Parsing Denial of Service Vulnerability (Windows)
File : nvt/secpod_ejabberd_dos_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
73170ejabberd Entity Expansion Recursion XML Nested Entity Handling DoS

Nessus® Vulnerability Scanner

DateDescription
2013-01-24Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-0881.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-0882.nasl - Type : ACT_GATHER_INFO
2012-06-22Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-10.nasl - Type : ACT_GATHER_INFO
2011-06-30Name : The remote Fedora host is missing a security update.
File : fedora_2011-8415.nasl - Type : ACT_GATHER_INFO
2011-06-30Name : The remote Fedora host is missing a security update.
File : fedora_2011-8437.nasl - Type : ACT_GATHER_INFO
2011-06-27Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_01d3ab7d9c4311e0bc0f0014a5e3cda6.nasl - Type : ACT_GATHER_INFO
2011-06-10Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2248.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/48072
CONFIRMhttp://www.ejabberd.im/ejabberd-2.1.7
http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2....
https://bugzilla.redhat.com/show_bug.cgi?id=700454
https://git.process-one.net/ejabberd/mainline/commit/bd1df027c622e1f96f9eeaac...
DEBIANhttp://www.debian.org/security/2011/dsa-2248
FEDORAhttp://lists.fedoraproject.org/pipermail/package-announce/2011-June/062099.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062145.html
SECUNIAhttp://secunia.com/advisories/44765
http://secunia.com/advisories/44807
http://secunia.com/advisories/45120
XFhttp://xforce.iss.net/xforce/xfdb/67769

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 11:02:04
  • Multiple Updates
2013-05-10 22:59:39
  • Multiple Updates