Описание
Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 0.9.4-1 |
| bionic | not-affected | 0.9.4-1 |
| cosmic | not-affected | 0.9.4-1 |
| devel | not-affected | 0.9.4-1 |
| disco | not-affected | 0.9.4-1 |
| esm-apps/bionic | not-affected | 0.9.4-1 |
| esm-apps/xenial | not-affected | 0.9.4-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| lucid | ignored | end of life |
| precise | ignored | end of life |
Показывать по
7.8 High
CVSS2
Связанные уязвимости
Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua.
Prosody before 0.9.4 does not properly restrict the processing of comp ...
Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua.
7.8 High
CVSS2