Описание
XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757.
Ссылки
- Patch
- Patch
- Patch
- Patch
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 0.84 (включая)
Одно из
cpe:2.3:a:brad_fitzpatrick:djabberd:*:*:*:*:*:*:*:*
cpe:2.3:a:brad_fitzpatrick:djabberd:0.80:*:*:*:*:*:*:*
cpe:2.3:a:brad_fitzpatrick:djabberd:0.81:*:*:*:*:*:*:*
cpe:2.3:a:brad_fitzpatrick:djabberd:0.82:*:*:*:*:*:*:*
cpe:2.3:a:brad_fitzpatrick:djabberd:0.83:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00725
Низкий
5.5 Medium
CVSS2
Дефекты
CWE-399
Связанные уязвимости
github
больше 3 лет назад
XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757.
EPSS
Процентиль: 72%
0.00725
Низкий
5.5 Medium
CVSS2
Дефекты
CWE-399