CVE-2011-2205
Published Jun 22, 2011
Last updated 7 years ago
Overview
- Description
- Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- CWE-399
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prosody:prosody:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B041054D-2DDE-4CAA-8127-D54084BC46F7",
"versionEndIncluding": "0.8.0"
},
{
"criteria": "cpe:2.3:a:prosody:prosody:0.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CAFD513E-D824-4A56-ACAC-C80D253D238E"
},
{
"criteria": "cpe:2.3:a:prosody:prosody:0.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66CADDFD-351C-4785-AA25-F15482563A0C"
},
{
"criteria": "cpe:2.3:a:prosody:prosody:0.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0EEB6D2F-91DF-452F-B93C-7E27B7F9AE3A"
},
{
"criteria": "cpe:2.3:a:prosody:prosody:0.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C7C9A3A-25B6-4EFA-BFF0-B3EA4BE50D55"
},
{
"criteria": "cpe:2.3:a:prosody:prosody:0.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3849A36E-AE3C-4A64-A267-455E7DFA23FC"
},
{
"criteria": "cpe:2.3:a:prosody:prosody:0.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE46CE5D-C648-497C-9B9D-7053E57206ED"
},
{
"criteria": "cpe:2.3:a:prosody:prosody:0.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72D503F4-503A-427E-8601-DC58ABF87556"
},
{
"criteria": "cpe:2.3:a:prosody:prosody:0.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27B91228-E7DC-460A-9BB7-AEBB0DB6EF1F"
},
{
"criteria": "cpe:2.3:a:prosody:prosody:0.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "641B719B-2739-4E1E-9BE1-B4082D8D85BD"
},
{
"criteria": "cpe:2.3:a:prosody:prosody:0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D355198-545E-4E09-AA63-A75DBC7BDC95"
},
{
"criteria": "cpe:2.3:a:prosody:prosody:0.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20E34C61-6749-4DDC-A9E0-50A96430CEA0"
},
{
"criteria": "cpe:2.3:a:prosody:prosody:0.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "817100C0-4FCC-4DDE-8B4D-670854BEA3CA"
},
{
"criteria": "cpe:2.3:a:prosody:prosody:0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0341BC4C-F4E9-4270-9BAB-733A4BC8FF34"
},
{
"criteria": "cpe:2.3:a:prosody:prosody:0.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "14F2E897-2B3F-4435-8BAC-87CF347C9AB1"
},
{
"criteria": "cpe:2.3:a:prosody:prosody:0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9AC268E7-EF55-412A-94CD-939D1F690164"
}
],
"operator": "OR"
}
]
}
]