CVE-2011-2206 - Vulnerability Details - OpenCVE

XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Brad Fitzpatrick	Djabberd

Configuration 1 [-]

OR	cpe:2.3:a:brad_fitzpatrick:djabberd::::::::
	cpe:2.3:a:brad_fitzpatrick:djabberd:0.80:::::::*
	cpe:2.3:a:brad_fitzpatrick:djabberd:0.81:::::::*
	cpe:2.3:a:brad_fitzpatrick:djabberd:0.82:::::::*
	cpe:2.3:a:brad_fitzpatrick:djabberd:0.83:::::::*

No data.

References

Link	Providers
http://groups.google.com/group/djabberd/msg/80a462d5c28873d7?dmode=source&output=gplain
http://www.openwall.com/lists/oss-security/2011/06/14/6
http://www.openwall.com/lists/oss-security/2011/06/15/5
https://github.com/djabberd/DJabberd/commit/b41d6dc247a175fe8e092d6ec2c460826fa62992
https://raw.github.com/djabberd/DJabberd/master/CHANGES

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-06-22T22:00:00Z

Updated: 2024-09-16T22:10:13.553Z

Reserved: 2011-05-31T00:00:00Z

Link: CVE-2011-2206

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-06-22T22:55:04.230

Modified: 2024-11-21T01:27:48.980

Link: CVE-2011-2206

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-06-22T22:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20110615 Re: CVE Request: prosody DoS, djabberd external entity injection", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/06/15/5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/djabberd/DJabberd/commit/b41d6dc247a175fe8e092d6ec2c460826fa62992"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://raw.github.com/djabberd/DJabberd/master/CHANGES"}, {"name": "[djabberd] 20110613 Security Release DJabberd 0.85", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://groups.google.com/group/djabberd/msg/80a462d5c28873d7?dmode=source&output=gplain"}, {"name": "[oss-security] 20110614 CVE Request: prosody DoS, djabberd external entity injection", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/06/14/6"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2206", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20110615 Re: CVE Request: prosody DoS, djabberd external entity injection", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/15/5"}, {"name": "https://github.com/djabberd/DJabberd/commit/b41d6dc247a175fe8e092d6ec2c460826fa62992", "refsource": "CONFIRM", "url": "https://github.com/djabberd/DJabberd/commit/b41d6dc247a175fe8e092d6ec2c460826fa62992"}, {"name": "https://raw.github.com/djabberd/DJabberd/master/CHANGES", "refsource": "CONFIRM", "url": "https://raw.github.com/djabberd/DJabberd/master/CHANGES"}, {"name": "[djabberd] 20110613 Security Release DJabberd 0.85", "refsource": "MLIST", "url": "http://groups.google.com/group/djabberd/msg/80a462d5c28873d7?dmode=source&output=gplain"}, {"name": "[oss-security] 20110614 CVE Request: prosody DoS, djabberd external entity injection", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/14/6"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:53:17.254Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110615 Re: CVE Request: prosody DoS, djabberd external entity injection", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/06/15/5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/djabberd/DJabberd/commit/b41d6dc247a175fe8e092d6ec2c460826fa62992"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://raw.github.com/djabberd/DJabberd/master/CHANGES"}, {"name": "[djabberd] 20110613 Security Release DJabberd 0.85", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://groups.google.com/group/djabberd/msg/80a462d5c28873d7?dmode=source&output=gplain"}, {"name": "[oss-security] 20110614 CVE Request: prosody DoS, djabberd external entity injection", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/06/14/6"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2206", "datePublished": "2011-06-22T22:00:00Z", "dateReserved": "2011-05-31T00:00:00Z", "dateUpdated": "2024-09-16T22:10:13.553Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brad_fitzpatrick:djabberd:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DB4425D-CE10-43F1-8C80-E9DBEAA1A8CA", "versionEndIncluding": "0.84", "vulnerable": true}, {"criteria": "cpe:2.3:a:brad_fitzpatrick:djabberd:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "ED0AD021-B360-4049-8B78-D42979EF42A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:brad_fitzpatrick:djabberd:0.81:*:*:*:*:*:*:*", "matchCriteriaId": "4D0F3B59-B095-4A03-A0EE-32074C07D52F", "vulnerable": true}, {"criteria": "cpe:2.3:a:brad_fitzpatrick:djabberd:0.82:*:*:*:*:*:*:*", "matchCriteriaId": "4C0A1D04-8E49-457E-B453-2C4614B12BEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:brad_fitzpatrick:djabberd:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "2D18B44D-A446-4E45-A10E-83878380859E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757."}, {"lang": "es", "value": "XMLParser.pm en DJabberd v0.85 y anteriores permite a usuarios remotos autenticados leer ficheros arbitrarios, y posiblemente enviar peticiones HTTP a los servidores de intranet o causar una denegaci\u00f3n de servicio (CPU y el consumo de memoria), a trav\u00e9s de una declaraci\u00f3n de entidad XML externo junto con una referencia de entidad, una vulnerabilidad diferente a CVE-2011-1757."}], "id": "CVE-2011-2206", "lastModified": "2024-11-21T01:27:48.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-06-22T22:55:04.230", "references": [{"source": "secalert@redhat.com", "url": "http://groups.google.com/group/djabberd/msg/80a462d5c28873d7?dmode=source&output=gplain"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/06/14/6"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/06/15/5"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/djabberd/DJabberd/commit/b41d6dc247a175fe8e092d6ec2c460826fa62992"}, {"source": "secalert@redhat.com", "url": "https://raw.github.com/djabberd/DJabberd/master/CHANGES"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://groups.google.com/group/djabberd/msg/80a462d5c28873d7?dmode=source&output=gplain"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/06/14/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/06/15/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/djabberd/DJabberd/commit/b41d6dc247a175fe8e092d6ec2c460826fa62992"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://raw.github.com/djabberd/DJabberd/master/CHANGES"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}