Vulnerabilities > CVE-2011-2206 - Resource Management Errors vulnerability in Brad Fitzpatrick Djabberd

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

brad-fitzpatrick

CWE-399

NVD

Published: 2011-06-22

Updated: 2024-11-21

Summary

XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757.

Vulnerable Configurations

Part	Description	Count
Application	Brad_Fitzpatrick Brad Fitzpatrick Djabberd 0.82 Brad Fitzpatrick Djabberd * Brad Fitzpatrick Djabberd 0.81 Brad Fitzpatrick Djabberd 0.83 Brad Fitzpatrick Djabberd 0.80	5

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

http://groups.google.com/group/djabberd/msg/80a462d5c28873d7?dmode=source&output=gplain
http://www.openwall.com/lists/oss-security/2011/06/14/6
http://www.openwall.com/lists/oss-security/2011/06/15/5
https://github.com/djabberd/DJabberd/commit/b41d6dc247a175fe8e092d6ec2c460826fa62992
https://raw.github.com/djabberd/DJabberd/master/CHANGES
http://groups.google.com/group/djabberd/msg/80a462d5c28873d7?dmode=source&output=gplain
https://raw.github.com/djabberd/DJabberd/master/CHANGES
https://github.com/djabberd/DJabberd/commit/b41d6dc247a175fe8e092d6ec2c460826fa62992
http://www.openwall.com/lists/oss-security/2011/06/15/5
http://www.openwall.com/lists/oss-security/2011/06/14/6