NotCVE - vendor:"Process-one" product:"Ejabberd" version:"3.0.0"

2 results (0.002 seconds)

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2011-4320

https://notcve.org/view.php?id=CVE-2011-4320

The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute. El módulo de mod_pubsub (mod_pubsub.erl) en ejabberd v2.1.8 y v3.0.0-alpha-3 permite a usuarios remotos autenticados provocar una denegación de servicio (bucle infinito) a través de una estrofa con una etiqueta de publicación que carece de un atributo de nodo. • http://secunia.com/advisories/46915 http://www.openwall.com/lists/oss-security/2011/11/19/1 http://www.openwall.com/lists/oss-security/2011/11/19/2 http://www.osvdb.org/77302 http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.9 https://support.process-one.net/browse/EJAB-1498 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 6%CPEs: 34EXPL: 0

CVE-2011-1753

https://notcve.org/view.php?id=CVE-2011-1753

expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. expat_erl.c en ejabberd v2.1.7 y v3.x antes de v3.0.0-alpha-3, y exmpp antes de v0.9.7, no detecta correctamente la recursividad durante la expansión de la entidad, lo que permite a atacantes remotos provocar una denegación de servicio ( la memoria y el consumo de CPU ) a través de un documento XML manipulado que contiene un gran número de referencias a entidades anidadas, un problema similar a CVE-2003-1564. • http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062099.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062145.html http://secunia.com/advisories/44765 http://secunia.com/advisories/44807 http://secunia.com/advisories/45120 http://www.debian.org/security/2011/dsa-2248 http://www.ejabberd.im/ejabberd-2.1.7 http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.7 http://www.securityfocus.com/bid/48072 https:/&#x • CWE-399: Resource Management Errors •