jabberd14: denial of service
| Package(s): | jabberd14 | CVE #(s): | CVE-2011-1754 | ||||
| Created: | June 1, 2011 | Updated: | June 2, 2011 | ||||
| Description: | From the Debian advisory: Wouter Coekaerts discovered that jabberd14, an instant messaging server using the Jabber/XMPP protocol, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML data to it. | ||||||
| Alerts: |
| ||||||