CVE-2004-1378

Sažetak

The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML connections.

Reference

http://devel.amessage.info/jabberd14/
http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html
http://marc.info/?l=bugtraq&m=109583829122679&w=2
http://secunia.com/advisories/12636
http://securitytracker.com/id?1011383
http://securitytracker.com/id?1011384
http://www.gentoo.org/security/en/glsa/glsa-200409-31.xml
http://www.osvdb.org/10257
http://www.securityfocus.com/bid/11231
http://www.vuxml.org/freebsd/2e25d38b-54d1-11d9-b612-000c6e8f12ef.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/17466
https://exchange.xforce.ibmcloud.com/vulnerabilities/17467

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:30

Objavljeno

21-09-2004 - 04:00