Oval Definition: oval:org.mitre.oval:def:12946
Revision Date: 2014-06-23
Version: 20
Title: DSA-2248-1 ejabberd -- denial of service
Description: Wouter Coekaerts discovered that ejabberd, a distributed XMPP/Jabber server written in Erlang, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML data to it.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CVE-2011-1753
DSA-2248-1
Platform(s): Debian GNU/kFreeBSD 6.0
Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Product(s): ejabberd
Definition Synopsis
  • Release section
    • Debian GNU/Linux 5.0 is installed
    • AND Installed architecture is all
    • AND ejabberd DPKG is earlier than 2.0.1-6+lenny3
  • OR Release section
    • Debian 6.0 is installed
    • AND GNU/Linux or GNU/kFreeBSD kernel
      • Debian GNU/Linux is installed
      • OR Debian GNU/kFreeBSD is installed
    • AND Installed architecture is all
    • AND ejabberd DPKG is earlier than 2.1.5-3+squeeze1