CVE-2021-32917

Опубликовано: 13 мая 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.

Ссылки

http://www.openwall.com/lists/oss-security/2021/05/13/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/14/2
Mailing List
Mitigation
Third Party Advisory
https://blog.prosody.im/prosody-0.11.9-released/
Release Notes
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00016.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/
https://security.gentoo.org/glsa/202105-15
Third Party Advisory
https://www.debian.org/security/2021/dsa-4916
Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/13/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/14/2
Mailing List
Mitigation
Third Party Advisory
https://blog.prosody.im/prosody-0.11.9-released/
Release Notes
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00016.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/
https://security.gentoo.org/glsa/202105-15
Third Party Advisory
https://www.debian.org/security/2021/dsa-4916
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prosody:prosody:*:*:*:*:*:*:*:*

Версия до 0.11.9 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03348

Низкий

5.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

CVE-2021-32917

CVSS3: 5.3

ubuntu

больше 4 лет назад

CVE-2021-32917

CVSS3: 5.3

debian

больше 4 лет назад

An issue was discovered in Prosody before 0.11.9. The proxy65 componen ...

GHSA-75h4-f9wm-hqpr

github

больше 3 лет назад

BDU:2021-04582

CVSS3: 5.3

fstec

почти 5 лет назад

Уязвимость компонента proxy65 сервера для Jabber/XMPP Prosody, связанная с отсутствием механизма авторизации, позволяющая нарушителю вызвать отказ в обслуживании

openSUSE-SU-2021:0728-1

suse-cvrf

больше 4 лет назад

Security update for prosody

EPSS

Процентиль: 87%

0.03348

Низкий

5.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-862