| Vulnerability Name: | CVE-2011-1756 (CCN-67773) | ||||||||||||||||||||||||||||||||||||
| Assigned: | 2011-06-01 | ||||||||||||||||||||||||||||||||||||
| Published: | 2011-06-01 | ||||||||||||||||||||||||||||||||||||
| Updated: | 2011-10-26 | ||||||||||||||||||||||||||||||||||||
| Summary: | modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | ||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-399 | ||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||
| References: | Source: CONFIRM Type: Patch http://code.citadel.org/cgit.cgi/git.citadel.org/commit/?id=27c991cc2059f5530d3d4e9689dc976b745f5b0c Source: CONFIRM Type: Patch http://code.citadel.org/cgit.cgi/git.citadel.org/commit/?id=95040add546a705cc2d1d8f16293141f9f9845a6 Source: MITRE Type: CNA CVE-2011-1756 Source: CONFIRM Type: UNKNOWN http://packages.debian.org/changelogs/pool/main/c/citadel/citadel_7.37-8+lenny1/changelog Source: CONFIRM Type: UNKNOWN http://packages.debian.org/changelogs/pool/main/c/citadel/citadel_7.83-2squeeze2/changelog Source: SECUNIA Type: Vendor Advisory 44788 Source: CONFIRM Type: Patch http://security.debian.org/debian-security/pool/updates/main/c/citadel/citadel_7.83-2squeeze2.diff.gz Source: CCN Type: Citadel Web site Citadel Source: DEBIAN Type: UNKNOWN DSA-2250 Source: DEBIAN Type: DSA-2250 citadel -- denial of service Source: BID Type: UNKNOWN 48071 Source: CCN Type: BID-48071 Citadel XML Parsing Denial of Service Vulnerability Source: XF Type: UNKNOWN citadel-xml-entity-dos(67773) | ||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||