Vulnerabilities > CVE-2011-2206 - Resource Management Errors vulnerability in Brad Fitzpatrick Djabberd

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

brad-fitzpatrick

CWE-399

NVD

Published: 2011-06-22

Updated: 2011-06-28

Summary

XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757.

Vulnerable Configurations

Part	Description	Count
Application	Brad_Fitzpatrick Brad Fitzpatrick Djabberd 0.80 Brad Fitzpatrick Djabberd 0.81 Brad Fitzpatrick Djabberd 0.82 Brad Fitzpatrick Djabberd 0.83 Brad Fitzpatrick Djabberd *	5

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References