Описание
net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 5.2.0 (включая)
cpe:2.3:a:tigase:tigase:*:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.02877
Низкий
7.8 High
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.
EPSS
Процентиль: 86%
0.02877
Низкий
7.8 High
CVSS2
Дефекты
CWE-264