Ejabberd XML Parsing Denial Of Service Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with ejabberd and is prone to denial of service vulnerability.

Impact

Successful exploitation allows remote attackers to cause a denial of service. Impact Level: Application

Solution

Upgrade to ejabberd version 2.1.7, 3.0.0-alpha-3 or later. For updates refer to http://www.ejabberd.im/

Insight

The flaw is due to an error within the parsing of certain XML input, which can be exploited to cause a high CPU and memory consumption via a crafted XML document containing a large number of nested entity references.

Affected

ejabberd versions before 2.1.7 and 3.x before 3.0.0-alpha-3

References

http://secunia.com/advisories/44807
http://www.ejabberd.im/ejabberd-2.1.7
http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.7/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1753

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Firebird SQL 'op_connect_request' Denial Of Service Vulnerability (Win)
freeSSHd Pre-Authentication Error Remote DoS Vulnerability
Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
Comodo Internet Security Denial of Service Vulnerability-04
AyeView GIF Image Handling Denial of Service Vulnerability

ejabberd XML Parsing Denial of Service Vulnerability (Windows)

Take action and discover your vulnerabilities