Your submission was sent successfully! Close

CVE-2011-2205

Published: 22 June 2011

Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Priority

Medium

Status

Package Release Status
prosody
Launchpad, Ubuntu, Debian
Upstream
Released (0.7.0-1)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable