MidnightBSD

Advisories for brad_fitzpatrick

CVE-2011-1757 MEDIUM

DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
brad_fitzpatrick djabberd 0.82
brad_fitzpatrick djabberd *
brad_fitzpatrick djabberd 0.80
brad_fitzpatrick djabberd 0.81
brad_fitzpatrick djabberd 0.83
CVE-2011-2206 MEDIUM

XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
brad_fitzpatrick djabberd 0.82
brad_fitzpatrick djabberd *
brad_fitzpatrick djabberd 0.80
brad_fitzpatrick djabberd 0.81
brad_fitzpatrick djabberd 0.83