1. CVE-Search
  2. CVE-2004-1378
ID CVE-2004-1378
Summary The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML connections.
References
Vulnerable Configurations
  • cpe:2.3:a:jabberstudio:jabberd:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:jabberstudio:jabberd:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:jabberstudio:jabberd:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:jabberstudio:jabberd:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:1.4.2a:*:*:*:*:*:*:*
    cpe:2.3:a:jabberstudio:jabberd:1.4.2a:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:jabberstudio:jabberd:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jadc2s:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:jabberstudio:jadc2s:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jadc2s:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:jabberstudio:jadc2s:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jadc2s:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:jabberstudio:jadc2s:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jadc2s:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:jabberstudio:jadc2s:0.9:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 11231
bugtraq 20040920 Possible DoS attack against jabberd 1.4.3 and jadc2s 0.9.0
confirm
gentoo GLSA-200409-31
mlist [jabberd] 20040919 Jabberd 1.4 critical bug
osvdb 10257
sectrack
  • 1011383
  • 1011384
secunia 12636
xf
  • jabberd-xml-dos(17466)
  • jadc2s-xml-dos(17467)
Last major update 11-07-2017 - 01:30
Published 21-09-2004 - 04:00
Last modified 11-07-2017 - 01:30
Back to Top