Required CVE Record Information
Description
XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757.
References 5 Total
- openwall.com: [oss-security] 20110615 Re: CVE Request: prosody DoS, djabberd external entity injection mailing-list
- https://github.com/djabberd/DJabberd/commit/b41d6dc247a175fe8e092d6ec2c460826fa62992
- https://raw.github.com/djabberd/DJabberd/master/CHANGES
- groups.google.com: [djabberd] 20110613 Security Release DJabberd 0.85 mailing-list
- openwall.com: [oss-security] 20110614 CVE Request: prosody DoS, djabberd external entity injection mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- openwall.com: [oss-security] 20110615 Re: CVE Request: prosody DoS, djabberd external entity injection mailing-listx_transferred
- https://github.com/djabberd/DJabberd/commit/b41d6dc247a175fe8e092d6ec2c460826fa62992 x_transferred
- https://raw.github.com/djabberd/DJabberd/master/CHANGES x_transferred
- groups.google.com: [djabberd] 20110613 Security Release DJabberd 0.85 mailing-listx_transferred
- openwall.com: [oss-security] 20110614 CVE Request: prosody DoS, djabberd external entity injection mailing-listx_transferred