CVE-2011-1757

Severity CVSS v4.0:
Pending analysis
Type:
CWE-399 Resource Management Errors
Publication date:
21/06/2011
Last modified:
11/04/2025

Description

DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:brad_fitzpatrick:djabberd:*:*:*:*:*:*:*:* 0.84 (including)
cpe:2.3:a:brad_fitzpatrick:djabberd:0.80:*:*:*:*:*:*:*
cpe:2.3:a:brad_fitzpatrick:djabberd:0.81:*:*:*:*:*:*:*
cpe:2.3:a:brad_fitzpatrick:djabberd:0.82:*:*:*:*:*:*:*
cpe:2.3:a:brad_fitzpatrick:djabberd:0.83:*:*:*:*:*:*:*