Описание
plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an "xmppbomb" attack.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 0.9.4-1 |
| bionic | not-affected | 0.9.4-1 |
| cosmic | not-affected | 0.9.4-1 |
| devel | not-affected | 0.9.4-1 |
| disco | not-affected | 0.9.4-1 |
| esm-apps/bionic | not-affected | 0.9.4-1 |
| esm-apps/xenial | not-affected | 0.9.4-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| lucid | ignored | end of life |
| precise | ignored | end of life |
Показывать по
EPSS
7.8 High
CVSS2
Связанные уязвимости
plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an "xmppbomb" attack.
plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightw ...
plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an "xmppbomb" attack.
EPSS
7.8 High
CVSS2