CVE-2011-1754

jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
jabberdjabberd14
𝑥
≤ 1.6.1.1
jabberdjabberd14
1.4.1
jabberdjabberd14
1.4.2
jabberdjabberd14
1.4.3
jabberdjabberd14
1.4.3.1
jabberdjabberd14
1.4.4
jabberdjabberd14
1.6.0
jabberdjabberd14
1.6.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jabberd14
natty
Fixed 1.6.1.1-5+squeeze1build0.11.04.1
released
maverick
Fixed 1.6.1.1-5+squeeze1build0.10.10.1
released
lucid
Fixed 1.6.1.1-5+squeeze1build0.10.04.1
released
hardy
dne
Common Weakness Enumeration
References
http://packages.debian.org/changelogs/pool/main/j/jabberd14/jabberd14_1.6.1.1-5+squeeze1/changelog
http://secunia.com/advisories/44795
http://www.debian.org/security/2011/dsa-2249
http://www.securityfocus.com/bid/48070
https://exchange.xforce.ibmcloud.com/vulnerabilities/67771
http://packages.debian.org/changelogs/pool/main/j/jabberd14/jabberd14_1.6.1.1-5+squeeze1/changelog
http://secunia.com/advisories/44795
http://www.debian.org/security/2011/dsa-2249
http://www.securityfocus.com/bid/48070
https://exchange.xforce.ibmcloud.com/vulnerabilities/67771