Lucene search

K

PRIOn knowledge basePRION:CVE-2011-2205

HistoryJun 22, 2011 - 9:55 p.m.

Code injection

2011-06-2221:55:00

PRIOn knowledge base

www.prio-n.com

6

6.5 Medium

AI Score

Confidence

Low

0.024 Low

EPSS

Percentile

90.1%

Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CPENameOperatorVersion
prosodyeq0.6.0
prosodyeq0.6
prosodyeq0.4.2
prosodyeq0.8
prosodyeq0.5.0
prosodyeq0.6.1
prosodyeq0.5.2
prosodyeq0.7
prosodyeq0.4.0
prosodyeq0.7.0

Rows per page:

1-10 of 161

References

blog.prosody.im/prosody-0-8-1-released/

hg.prosody.im/0.8/rev/5305a665bdd4

hg.prosody.im/0.8/rev/ee6a18f10a8d

prosody.im/doc/release/0.8.1

secunia.com/advisories/44852

www.openwall.com/lists/oss-security/2011/06/14/6

www.openwall.com/lists/oss-security/2011/06/15/5

www.securityfocus.com/bid/48125

exchange.xforce.ibmcloud.com/vulnerabilities/67884

6.5 Medium

AI Score

Confidence

Low

0.024 Low

EPSS

Percentile

90.1%

Related for PRION:CVE-2011-2205

ubuntucve13 debiancve11 cve29 nvd29 cvelist29 nessus20 openvas22 prion27 github2 freebsd1 redhatcve1 osv3 centos1 redhat1 veracode1 securityvulns1