Denial of Service Vulnerability in Prosody XMPP Server by Prosody.im
CVE-2011-2205
Currently unrated
What is CVE-2011-2205?
Prior to version 0.8.1, Prosody XMPP Server fails to adequately recognize recursion during XML entity expansion. This oversight can be exploited by remote attackers who send specially crafted XML documents containing a high number of nested entity references, leading to significant memory and CPU consumption. As a result, legitimate service users may experience interruptions or complete denial of service, thereby compromising the operational availability of the server.
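A defensive check for the condition described above, as an added example that is not part of the original entry and is not Prosody's own code: an XMPP-style stream parser built on Python's standard xml.parsers.expat that aborts as soon as a DTD or entity declaration appears, so nested entities are never expanded. The helper names and sample chunks are constructed for illustration; the verdict strings mirror the RFC 6120 stream error conditions restricted-xml and not-well-formed.

```python
import xml.parsers.expat as expat

class RestrictedXML(Exception):
    """The stream used a DTD or an entity declaration."""

def _reject_doctype(name, system_id, public_id, has_internal_subset):
    raise RestrictedXML("DOCTYPE %r" % name)

def _reject_entity(name, is_param, value, base, system_id, public_id, notation):
    raise RestrictedXML("ENTITY %r" % name)

def new_stream_parser():
    # Hypothetical helper: one parser per client connection.
    parser = expat.ParserCreate()
    # Abort when a DTD starts, before any entity can be declared or expanded.
    parser.StartDoctypeDeclHandler = _reject_doctype
    parser.EntityDeclHandler = _reject_entity
    return parser

def check_stream(chunks):
    """Feed network chunks in order and return the first non-'ok' verdict."""
    parser = new_stream_parser()
    for chunk in chunks:
        try:
            parser.Parse(chunk, False)  # False: more data may follow
        except RestrictedXML:
            return "restricted-xml"     # close the stream with this error
        except expat.ExpatError:
            return "not-well-formed"
    return "ok"

# Constructed sample input (not captured traffic).
BENIGN = [
    b"<stream:stream xmlns='jabber:client' "
    b"xmlns:stream='http://etherx.jabber.org/streams'>",
    b"<message><body>hi &amp; bye</body></message>",  # predefined entity only
]
# Two-level nested entity declaration, split across two chunks.
NESTED = [
    b"<?xml version='1.0'?><!DOCTYPE s [<!ENT",
    b"ITY a 'x'><!ENTITY b '&a;&a;'>]><s>&b;</s>",
]
# Reference to an entity that was never declared.
UNDECLARED = [b"<s>&b;</s>"]

if __name__ == "__main__":
    for label, chunks in (("benign", BENIGN), ("nested", NESTED),
                          ("undeclared", UNDECLARED)):
        print(label, "->", check_stream(chunks))
```

Rejecting the declaration itself, rather than counting expansions afterwards, keeps memory and CPU use independent of how deeply the entities are nested.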
