Summary
This host is installed with ejabberd and is prone to denial of service vulnerability.
Impact
Successful exploitation allows remote attackers to cause a denial of service.
Impact Level: Application
Solution
Upgrade to ejabberd version 2.1.7, 3.0.0-alpha-3 or later.
For updates refer to http://www.ejabberd.im/
Insight
The flaw is due to an error within the parsing of certain XML input, which can be exploited to cause a high CPU and memory consumption via a crafted XML document containing a large number of nested entity references.
Affected
ejabberd versions before 2.1.7 and 3.x before 3.0.0-alpha-3
References
Severity
Classification
-
CVE CVE-2011-1753 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Firebird SQL 'op_connect_request' Denial Of Service Vulnerability (Win)
- freeSSHd Pre-Authentication Error Remote DoS Vulnerability
- Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
- Comodo Internet Security Denial of Service Vulnerability-04
- AyeView GIF Image Handling Denial of Service Vulnerability