CVE-2011-2206

Sažetak

XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757.

Reference

http://groups.google.com/group/djabberd/msg/80a462d5c28873d7?dmode=source&output=gplain
http://www.openwall.com/lists/oss-security/2011/06/14/6
http://www.openwall.com/lists/oss-security/2011/06/15/5
https://github.com/djabberd/DJabberd/commit/b41d6dc247a175fe8e092d6ec2c460826fa62992
https://raw.github.com/djabberd/DJabberd/master/CHANGES

CVSS

Base:	5.5
Impact:	4.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:P

Zadnje važnije ažuriranje

28-06-2011 - 04:00

Objavljeno

22-06-2011 - 22:55