Vulnerability Details : CVE-2011-4320
The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza containing a <publish> element that lacks a node attribute. The fix shipped in ejabberd 2.1.9 (ProcessOne ticket EJAB-1498; see the references below). Because the trigger requires an authenticated session, the practical exposure is any user who can log in to the server, not anonymous network clients.
Vulnerability category: Denial of service
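The following is an added example for this page, not ejabberd's mod_pubsub.erl code or the EJAB-1498 patch. It parses an XMPP <iq> stanza and reports every XEP-0060 <publish> element that has no node attribute, which is the shape the description above identifies as the trigger; it can serve as a pre-filter in front of an unpatched server or as a unit test for a stanza-validation layer. The stanza texts, the pubsub.example.org address and the empty-node handling are constructed assumptions, not taken from the advisory.

```python
"""Flag the malformed <publish> shape behind CVE-2011-4320.

Added example for this page; it is not ejabberd's mod_pubsub.erl code or the
EJAB-1498 patch. It parses an XMPP <iq> stanza and reports every XEP-0060
<publish> element lacking the 'node' attribute. Stanza texts are constructed.
"""
import xml.etree.ElementTree as ET

PUBSUB_NS = "http://jabber.org/protocol/pubsub"  # XEP-0060 pubsub namespace
PUBLISH_TAG = "{%s}publish" % PUBSUB_NS

# Constructed sample stanzas (not taken from the advisory or the ticket).
GOOD_STANZA = (
    '<iq type="set" id="pub1" to="pubsub.example.org">'
    '<pubsub xmlns="http://jabber.org/protocol/pubsub">'
    '<publish node="princely_musings"><item id="1"><entry>hi</entry></item></publish>'
    '</pubsub></iq>'
)
BAD_STANZA = (  # the same request with the node attribute removed
    '<iq type="set" id="pub2" to="pubsub.example.org">'
    '<pubsub xmlns="http://jabber.org/protocol/pubsub">'
    '<publish><item id="1"><entry>hi</entry></item></publish>'
    '</pubsub></iq>'
)
NO_PUBSUB_STANZA = '<iq type="get" id="r1"><query xmlns="jabber:iq:roster"/></iq>'


def missing_node_publishes(stanza_xml):
    """Return the <publish> elements that have no usable 'node' attribute.

    An empty node="" is treated like a missing attribute; that is an assumption
    of this checker, not something the CVE text states.
    """
    root = ET.fromstring(stanza_xml)
    return [
        el for el in root.iter(PUBLISH_TAG)
        if el.get("node") is None or not el.get("node").strip()
    ]


def is_safe_publish(stanza_xml):
    """True if the stanza carries no <publish> lacking a node.

    Unparseable input is rejected rather than forwarded. xml.etree is not
    hardened against entity-expansion attacks; a real filter should put
    defusedxml or a size limit in front of it.
    """
    try:
        return not missing_node_publishes(stanza_xml)
    except ET.ParseError:
        return False


if __name__ == "__main__":
    for name, stanza in (("good", GOOD_STANZA), ("bad", BAD_STANZA),
                         ("roster", NO_PUBSUB_STANZA)):
        verdict = "forward" if is_safe_publish(stanza) else "reject"
        print("%s: %s" % (name, verdict))
```

The check is deliberately narrow: it only rejects the attribute-less <publish> form, so legitimate pubsub traffic and unrelated IQ stanzas pass untouched. It is a mitigation, not a substitute for upgrading to 2.1.9.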
Products affected by CVE-2011-4320
- cpe:2.3:a:process-one:ejabberd:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:3.0.0:alpha3:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-4320
EPSS score: 0.75% (estimated probability of exploitation activity in the next 30 days)
EPSS percentile: ~81% (the proportion of all scored vulnerabilities with an EPSS score at or below this one)
CVSS scores for CVE-2011-4320
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P | 8.0 | 2.9 | NIST | 
CWE ids for CVE-2011-4320
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4320
- https://support.process-one.net/browse/EJAB-1498 : [EJAB-1498] Fix Denial of Service when user sends malformed <publish> stanza - ProcessOne - Support (Patch)
- http://www.openwall.com/lists/oss-security/2011/11/19/1 : oss-security - CVE request: ejabberd before 2.1.9
- http://www.openwall.com/lists/oss-security/2011/11/19/2 : oss-security - Re: CVE request: ejabberd before 2.1.9
- http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.9 : ejabberd 2.1.9 release notes (page title: Download ejabberd - World's Most Popular XMPP Application Server)