fkie_cve-2004-1378
Vulnerability from fkie_nvd
Published
2004-09-21 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML connections.
References
cve@mitre.orghttp://devel.amessage.info/jabberd14/Patch
cve@mitre.orghttp://mail.jabber.org/pipermail/jabberd/2004-September/002004.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=109583829122679&w=2
cve@mitre.orghttp://secunia.com/advisories/12636
cve@mitre.orghttp://securitytracker.com/id?1011383
cve@mitre.orghttp://securitytracker.com/id?1011384
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200409-31.xmlPatch
cve@mitre.orghttp://www.osvdb.org/10257
cve@mitre.orghttp://www.securityfocus.com/bid/11231Patch
cve@mitre.orghttp://www.vuxml.org/freebsd/2e25d38b-54d1-11d9-b612-000c6e8f12ef.html
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17466
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17467
af854a3a-2127-422b-91ae-364da2661108http://devel.amessage.info/jabberd14/Patch
af854a3a-2127-422b-91ae-364da2661108http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=109583829122679&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/12636
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1011383
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1011384
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200409-31.xmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/10257
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11231Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vuxml.org/freebsd/2e25d38b-54d1-11d9-b612-000c6e8f12ef.html
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17466
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17467
Impacted products
Vendor Product Version
jabberstudio jabberd 1.4
jabberstudio jabberd 1.4.1
jabberstudio jabberd 1.4.2
jabberstudio jabberd 1.4.2a
jabberstudio jabberd 1.4.3
jabberstudio jadc2s 0.6
jabberstudio jadc2s 0.7
jabberstudio jadc2s 0.8
jabberstudio jadc2s 0.9


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jabberstudio:jabberd:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF04B475-4901-48FD-AD5D-A962D3765664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jabberstudio:jabberd:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D5D1C4E-FD89-4FAF-B58B-3410DA938A89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jabberstudio:jabberd:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "082926C3-B1C7-4030-B4F8-45151F37BE24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jabberstudio:jabberd:1.4.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1F2CEB-AE60-409F-A1C3-A45384782E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jabberstudio:jabberd:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC8D1462-9E72-4160-8792-3A9AFF8589C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jabberstudio:jadc2s:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C26238-1611-4A04-A2C5-60BE493CCDE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jabberstudio:jadc2s:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "60AAD395-7AEC-48AC-90C4-960A268A9154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jabberstudio:jadc2s:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "87B97785-7A56-4D71-93DD-B05D5404256B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jabberstudio:jadc2s:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2F55F44-A474-40DB-9B06-9D327418E93F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML connections."
    }
  ],
  "id": "CVE-2004-1378",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-09-21T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://devel.amessage.info/jabberd14/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109583829122679\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/12636"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1011383"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1011384"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-31.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/10257"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11231"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vuxml.org/freebsd/2e25d38b-54d1-11d9-b612-000c6e8f12ef.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17466"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://devel.amessage.info/jabberd14/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109583829122679\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/12636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1011383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1011384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-31.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/10257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vuxml.org/freebsd/2e25d38b-54d1-11d9-b612-000c6e8f12ef.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17467"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.