CVE

Id
49666  
CVE No.
CVE-2011-1754  
Status
Candidate  
Description
jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.  
Phase
Assigned (20110419)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
539349 49666 CVE-2011-1754 CONFIRM:http://packages.debian.org/changelogs/pool/main/j/jabberd14/jabberd14_1.6.1.1-5+squeeze1/changelog  View
539350 49666 CVE-2011-1754 DEBIAN:DSA-2249  View
539351 49666 CVE-2011-1754 URL:http://www.debian.org/security/2011/dsa-2249  View
539352 49666 CVE-2011-1754 BID:48070  View
539353 49666 CVE-2011-1754 URL:http://www.securityfocus.com/bid/48070  View
539354 49666 CVE-2011-1754 SECUNIA:44795  View
539355 49666 CVE-2011-1754 URL:http://secunia.com/advisories/44795  View
539356 49666 CVE-2011-1754 XF:jabberd14-xml-dos(67771)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
26993 JVNDB-2012-002700 ARM プラットフォーム上の Linux Kernel の sys_oabi_semtimedop 関数における整数オーバーフローの脆弱性 ARM プラットフォーム上で稼働する Linux Kernel の arch/arm/kernel/sys_oabi-compat.c 内の sys_oabi_semtimedop 関数には、CONFIG_OABI_COMPAT が有効な場合、整数オーバーフローの脆弱性が存在します。 CVE-2011-1759 49666 6.2 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002700.html  View