CVE-2011-1755

jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jabberd2:jabberd2:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-06-21 02:52

Updated : 2024-02-02 15:01


NVD link : CVE-2011-1755

Mitre link : CVE-2011-1755

CVE.ORG link : CVE-2011-1755


JSON object : View

Products Affected

apple

  • mac_os_x
  • mac_os_x_server

fedoraproject

  • fedora

jabberd2

  • jabberd2
CWE
CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')