Vulnerabilites related to jabberd2 - jabberd2
Vulnerability from fkie_nvd
Published
2015-08-12 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0032792F-E25F-4192-8D39-5EDE77DB75BB",
"versionEndIncluding": "2.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID."
},
{
"lang": "es",
"value": "Vulnerabilidad en c2s/c2s.c en Jabber Open Source Server 2.3.2 y versiones anteriores trunca datos sin asegurarse de que sigue siendo UTF-8 v\u00e1lido, lo que permite a usuarios remotos autenticados leer la memoria del sistema o posiblemente tener otro impacto no especificado a trav\u00e9s de un JID manipulado."
}
],
"id": "CVE-2015-2058",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-12T14:59:08.073",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/02/09/13"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/02/23/25"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/72731"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/jabberd2/jabberd2/issues/85"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/02/09/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/02/23/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/jabberd2/jabberd2/issues/85"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-25 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jabber2:jabberd2:2.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "24C9A9BA-FC37-4FED-B03B-02FD87DF4B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AA058DB-6786-489E-B560-1AE154607AAC",
"versionEndIncluding": "2.2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38A57C87-1E18-4DEC-864F-BFECA74FB8D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B3405FB-CEBD-4E9B-809C-CC436DB491CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C16361-0A6A-46F1-9154-0EBAEF9424DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB738B5C-F549-4171-93F8-821F06D09B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "136B0689-05C4-47AF-BCFC-5BAAD62DD2A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BA729702-72F3-4BB4-8647-8938DDCA65B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E32A9A5F-7669-4EC1-804E-8FDAD5FD3FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "713D733B-C056-4A87-A0F3-669BD2B97EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5B695154-C52C-4A26-AB56-B9D301268BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "33D8A7D9-1565-4CA2-832B-3B5A800E7185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "64DA6F74-7F66-4C47-A05A-1F1143FEBF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9A7B360C-9222-4862-A1A3-D939D8E5B906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC4B150-E318-430D-AB53-7FC4235534E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0A1409-AA29-4393-AF76-38D2F6621BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B389FE79-E88D-4BD3-A3DB-5015FF9E78C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12B9B5DE-912B-4D76-A428-2A614918C1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "ACCAEDE2-B0C2-48CB-B0C3-594A6569B904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B73387-35EC-440C-8B93-879BD66E39F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "47426695-4686-4736-B27E-6800ACB43CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6F846FB8-DCDA-4A24-9DD7-2F9C9AC3833F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8C9B9D48-5848-4313-9EDF-FDE562875EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5C31E5-2441-4C53-9E10-3AB33FCF11A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "703383CD-DF8D-4DA1-B322-8DE9E847A8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A9F0E1-0A41-4C98-8467-0578D98AD0BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "769A2F0A-816C-458A-B579-CE8BB8FF5A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BD3313-4CF5-44EE-91EC-D6F0C23D0342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3E1C3C-FB3B-4941-A879-0F351959EB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98EE2C3A-67C4-45D5-80EE-3819F5AB1133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DB4C94F7-4093-46B5-9B2E-9F3B2BD462DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9B7918-C678-4CE8-97B1-52AF3E17A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10D9719B-B6AE-4AA1-9767-FD85DE12782B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5C64CA72-E6D6-4981-AA23-447EA7FAFD7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57CE98F9-FA6B-49D0-8410-BCD188E2F64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "64A5D6D9-D045-4A0A-BBAB-21F2C228BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "595AFA35-92B5-4957-A2AA-DF9E09990438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "45836D34-A47C-49F6-9A1A-3F8160611058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "89ED36F8-4D8C-406E-BE8A-F8C374227F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "28D0CB97-3F6A-4CD6-A9A4-2F6743E13F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9923E4E2-ADB1-4729-97AE-C4EA19D5E6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "69E01C9E-5B90-4044-B002-87A741CA6AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "9042F295-2C75-4260-9A3F-A7A225B36EB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response."
},
{
"lang": "es",
"value": "s2s/out.c en jabberd2 v2.2.16 y anteriores no comprueba que se presente una solicitud para una respuesta XMPP Server Dialback, lo que permite a servidores remotos de XMPP falsificar dominios a trav\u00e9s (1) Verify Response o (2) Authorization Response."
}
],
"id": "CVE-2012-3525",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-25T16:55:00.837",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1538.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1539.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50124"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50859"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55167"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://xmpp.org/resources/security-notices/server-dialback/"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1538.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1539.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://xmpp.org/resources/security-notices/server-dialback/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-12 04:29
Modified
2024-11-21 03:19
Severity ?
Summary
The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.gentoo.org/631068 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/631068 | Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11AA2845-2976-43B9-B64A-1D8F93A58E5B",
"versionEndIncluding": "2.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92121D8A-529E-454A-BC8D-B6E0017E615D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a \"kill -TERM `cat /var/run/jabber/filename.pid`\" command."
},
{
"lang": "es",
"value": "El paquete net-im/jabberd2 de Gentoo, hasta la versi\u00f3n 2.6.1, establece la propiedad de /var/run/jabber en la cuenta jabber, lo que podr\u00eda permitir que usuarios locales finalicen procesos arbitrarios aprovechando el acceso a esta cuenta para modificar archivos PID antes de que un script root ejecute un comando \"kill -TERM `cat /var/run/jabber/filename.pid`\""
}
],
"id": "CVE-2017-18226",
"lastModified": "2024-11-21T03:19:37.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-12T04:29:00.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.gentoo.org/631068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.gentoo.org/631068"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-21 02:52
Modified
2025-04-11 00:51
Severity ?
Summary
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jabberd2 | jabberd2 | * | |
| fedoraproject | fedora | 13 | |
| fedoraproject | fedora | 14 | |
| fedoraproject | fedora | 15 | |
| apple | mac_os_x | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x_server | * | |
| apple | mac_os_x_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2DB6CB-509C-45D5-B29E-A08DFF8B641D",
"versionEndExcluding": "2.2.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE52846-24EC-4068-B788-EC7F915FFF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*",
"matchCriteriaId": "9396E005-22D8-4342-9323-C7DEA379191D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5472AEFC-EA25-49B1-AA2B-8405099B4FBE",
"versionEndExcluding": "10.6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5465D904-D83E-4350-B44B-A3322B113928",
"versionEndExcluding": "10.7.2",
"versionStartIncluding": "10.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD16A092-B263-400F-BD7E-94DEB5D57EDB",
"versionEndExcluding": "10.6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C567AE9D-603E-4B37-9BCF-7305033D6561",
"versionEndExcluding": "10.7.2",
"versionStartIncluding": "10.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
},
{
"lang": "es",
"value": "jabberd2 antes de v2.2.14 no detecta correctamente la recursividad durante la expansi\u00f3n de la entidad, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio ( consumo de memoria y CPU ) a trav\u00e9s de un documento XML manipulado que contiene un gran n\u00famero de referencias a entidades anidadas, un problema similar a CVE-2003-1564."
}
],
"id": "CVE-2011-1755",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2011-06-21T02:52:43.373",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061341.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061458.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061482.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44787"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/44957"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45112"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
],
"url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01655.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0881.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0882.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/48250"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=700390"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67770"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://hermes.opensuse.org/messages/9197650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061341.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061458.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061482.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/44957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01655.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0881.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0882.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/48250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=700390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://hermes.opensuse.org/messages/9197650"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-776"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-04 15:29
Modified
2025-04-20 01:37
Severity ?
Summary
JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.debian.org/security/2017/dsa-3902 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/99511 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugs.debian.org/867032 | Third Party Advisory | |
| cve@mitre.org | https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16 | Third Party Advisory | |
| cve@mitre.org | https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3902 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99511 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/867032 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13A5AE8E-027E-4A71-9DEB-E242E5494F20",
"versionEndIncluding": "2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled."
},
{
"lang": "es",
"value": "Las versiones 2.x de JabberD (tambi\u00e9n conocidas como jabberd2) anteriores a la 2.6.1 permiten que cualquiera pueda autenticarse empleando SASL ANONYMOUS, incluso cuando la opci\u00f3n sasl.anonymous en c2s.xml no est\u00e1 habilitada."
}
],
"id": "CVE-2017-10807",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-04T15:29:00.187",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3902"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99511"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/867032"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/867032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-12 04:29
Modified
2024-11-21 03:19
Severity ?
Summary
The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.gentoo.org/629412 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/629412 | Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11AA2845-2976-43B9-B64A-1D8F93A58E5B",
"versionEndIncluding": "2.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92121D8A-529E-454A-BC8D-B6E0017E615D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs."
},
{
"lang": "es",
"value": "El paquete net-im/jabberd2 de Gentoo, hasta la versi\u00f3n 2.6.1, instala jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s y jabberd2-sm en /usr/bin, propiedad de la cuenta jabber. Esto podr\u00eda permitir que usuarios locales obtengan privilegios aprovechando el acceso a esta cuenta y esperando a que root ejecute uno de estos programas."
}
],
"id": "CVE-2017-18225",
"lastModified": "2024-11-21T03:19:36.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-12T04:29:00.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.gentoo.org/629412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.gentoo.org/629412"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-3525 (GCVE-0-2012-3525)
Vulnerability from cvelistv5
Published
2012-08-25 16:00
Modified
2024-08-06 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:1538",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1538.html"
},
{
"name": "[oss-security] 20120822 CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/5"
},
{
"name": "[oss-security] 20120822 Re: CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/6"
},
{
"name": "55167",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55167"
},
{
"name": "50124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"
},
{
"name": "APPLE-SA-2013-03-14-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xmpp.org/resources/security-notices/server-dialback/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d"
},
{
"name": "RHSA-2012:1539",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1539.html"
},
{
"name": "[jabberd2] 20120821 Fwd: [Security] Vulnerability in XMPP Server Dialback Implementations",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html"
},
{
"name": "50859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50859"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-19T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2012:1538",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1538.html"
},
{
"name": "[oss-security] 20120822 CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/5"
},
{
"name": "[oss-security] 20120822 Re: CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/6"
},
{
"name": "55167",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55167"
},
{
"name": "50124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"
},
{
"name": "APPLE-SA-2013-03-14-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xmpp.org/resources/security-notices/server-dialback/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d"
},
{
"name": "RHSA-2012:1539",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1539.html"
},
{
"name": "[jabberd2] 20120821 Fwd: [Security] Vulnerability in XMPP Server Dialback Implementations",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html"
},
{
"name": "50859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50859"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3525",
"datePublished": "2012-08-25T16:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10807 (GCVE-0-2017-10807)
Vulnerability from cvelistv5
Published
2017-07-04 15:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16"
},
{
"name": "DSA-3902",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1"
},
{
"name": "99511",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99511"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/867032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16"
},
{
"name": "DSA-3902",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1"
},
{
"name": "99511",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99511"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/867032"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16",
"refsource": "CONFIRM",
"url": "https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16"
},
{
"name": "DSA-3902",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3902"
},
{
"name": "https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1",
"refsource": "CONFIRM",
"url": "https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1"
},
{
"name": "99511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99511"
},
{
"name": "https://bugs.debian.org/867032",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/867032"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10807",
"datePublished": "2017-07-04T15:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18225 (GCVE-0-2017-18225)
Vulnerability from cvelistv5
Published
2018-03-12 04:00
Modified
2024-08-05 21:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:13:49.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/629412"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-12T04:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/629412"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.gentoo.org/629412",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/629412"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18225",
"datePublished": "2018-03-12T04:00:00",
"dateReserved": "2018-03-11T00:00:00",
"dateUpdated": "2024-08-05T21:13:49.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2058 (GCVE-0-2015-2058)
Vulnerability from cvelistv5
Published
2015-08-12 14:00
Modified
2024-08-06 05:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:43.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jabberd2/jabberd2/issues/85"
},
{
"name": "[oss-security] 20150209 CVE Request: jabberd remote information disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/09/13"
},
{
"name": "[oss-security] 20150223 Re: CVE Request: jabberd remote information disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/23/25"
},
{
"name": "72731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72731"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jabberd2/jabberd2/issues/85"
},
{
"name": "[oss-security] 20150209 CVE Request: jabberd remote information disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/09/13"
},
{
"name": "[oss-security] 20150223 Re: CVE Request: jabberd remote information disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/23/25"
},
{
"name": "72731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72731"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jabberd2/jabberd2/issues/85",
"refsource": "CONFIRM",
"url": "https://github.com/jabberd2/jabberd2/issues/85"
},
{
"name": "[oss-security] 20150209 CVE Request: jabberd remote information disclosure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/09/13"
},
{
"name": "[oss-security] 20150223 Re: CVE Request: jabberd remote information disclosure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/23/25"
},
{
"name": "72731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72731"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2058",
"datePublished": "2015-08-12T14:00:00",
"dateReserved": "2015-02-23T00:00:00",
"dateUpdated": "2024-08-06T05:02:43.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18226 (GCVE-0-2017-18226)
Vulnerability from cvelistv5
Published
2018-03-12 04:00
Modified
2024-08-05 21:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:13:49.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/631068"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a \"kill -TERM `cat /var/run/jabber/filename.pid`\" command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-12T04:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/631068"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a \"kill -TERM `cat /var/run/jabber/filename.pid`\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.gentoo.org/631068",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/631068"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18226",
"datePublished": "2018-03-12T04:00:00",
"dateReserved": "2018-03-11T00:00:00",
"dateUpdated": "2024-08-05T21:13:49.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1755 (GCVE-0-2011-1755)
Vulnerability from cvelistv5
Published
2011-06-21 01:00
Modified
2024-08-06 22:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "jabberd-xml-entity-dos(67770)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67770"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog"
},
{
"name": "44957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44957"
},
{
"name": "44787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44787"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "FEDORA-2011-7801",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061341.html"
},
{
"name": "RHSA-2011:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0881.html"
},
{
"name": "SUSE-SU-2011:0741",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/9197650"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=700390"
},
{
"name": "FEDORA-2011-7805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061458.html"
},
{
"name": "RHSA-2011:0882",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0882.html"
},
{
"name": "48250",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48250"
},
{
"name": "FEDORA-2011-7818",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061482.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "45112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45112"
},
{
"name": "[jabberd2] 20110531 jabberd-2.2.14 release",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01655.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "jabberd-xml-entity-dos(67770)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67770"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog"
},
{
"name": "44957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44957"
},
{
"name": "44787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44787"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "FEDORA-2011-7801",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061341.html"
},
{
"name": "RHSA-2011:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0881.html"
},
{
"name": "SUSE-SU-2011:0741",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/9197650"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=700390"
},
{
"name": "FEDORA-2011-7805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061458.html"
},
{
"name": "RHSA-2011:0882",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0882.html"
},
{
"name": "48250",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48250"
},
{
"name": "FEDORA-2011-7818",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061482.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "45112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45112"
},
{
"name": "[jabberd2] 20110531 jabberd-2.2.14 release",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01655.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "jabberd-xml-entity-dos(67770)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67770"
},
{
"name": "http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog",
"refsource": "CONFIRM",
"url": "http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog"
},
{
"name": "44957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44957"
},
{
"name": "44787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44787"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "FEDORA-2011-7801",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061341.html"
},
{
"name": "RHSA-2011:0881",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0881.html"
},
{
"name": "SUSE-SU-2011:0741",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/9197650"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=700390",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=700390"
},
{
"name": "FEDORA-2011-7805",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061458.html"
},
{
"name": "RHSA-2011:0882",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0882.html"
},
{
"name": "48250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48250"
},
{
"name": "FEDORA-2011-7818",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061482.html"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "45112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45112"
},
{
"name": "[jabberd2] 20110531 jabberd-2.2.14 release",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/jabberd2@lists.xiaoka.com/msg01655.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1755",
"datePublished": "2011-06-21T01:00:00",
"dateReserved": "2011-04-19T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}