-rw-r--r-- | security/vuxml/vuln.xml | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b90d9f3032ae..0d1529052add 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,37 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="01d3ab7d-9c43-11e0-bc0f-0014a5e3cda6"> + <topic>ejabberd -- remote denial of service vulnerability</topic> + <affects> + <package> + <name>ejabberd</name> + <range><lt>2.1.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>It's reported in CVE advisory that:</p> + <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1753"> + <p>expat_erl.c in ejabberd before 2.1.7 and 3.x before + 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect + recursion during entity expansion, which allows remote attackers + to cause a denial of service (memory and CPU consumption) via a + crafted XML document containing a large number of nested entity + references, a similar issue to CVE-2003-1564.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2011-1753</cvename> + <url>http://www.ejabberd.im/ejabberd-2.1.7</url> + </references> + <dates> + <discovery>2011-04-27</discovery> + <entry>2011-06-24</entry> + </dates> + </vuln> + <vuln vid="dfe40cff-9c3f-11e0-9bec-6c626dd55a41"> <topic>mozilla -- multiple vulnerabilities</topic> <affects> 
@@ -146,7 +177,7 @@ Note: Please add new entries to the beginning of this file. <p>The Piwik 1.5 release addresses a critical security vulnerability, which affect all Piwik users that have let granted some access to the "anonymous" user.</p> - <p>Piwik contains a remotely exploitable vulnerabiliy that could + <p>Piwik contains a remotely exploitable vulnerability that could allow a remote attacker to execute arbitrary code. Only installations that have granted untrusted view access to their stats (ie. grant "view" access to a website to anonymous) are at |
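Review bot: In the first hunk (the new `01d3ab7d-9c43-11e0-bc0f-0014a5e3cda6` entry), the single affected range `<lt>2.1.7</lt>` covers only the 2.x line, while the quoted CVE text also names ejabberd 3.x before 3.0.0-alpha-3 and exmpp before 0.9.7; please confirm that no 3.x port exists and that exmpp does not need its own `<package>` block, otherwise the entry under-reports what is affected. A smaller wording point: "It's reported in CVE advisory that:" reads awkwardly and MITRE's text is a CVE description rather than an advisory, so "The CVE entry reports:" or similar would be clearer. The placement at the top of the file and the `<cvename>`/`<url>` references look correct.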
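Review bot: In the second hunk (the Piwik entry), the "vulnerabiliy" spelling fix is correct, but the preceding context lines in the same paragraph carry further errors that could be fixed in the same commit: "which affect all Piwik users that have let granted some access" should read "which affects all Piwik users that have granted some access", and "ie. grant" should be "i.e. grant".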