CVE-2011-4320 - The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticat

CVE-2011-4320

Summary

The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.

References

Vulnerable Configurations

cpe:2.3:a:process-one:ejabberd:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:process-one:ejabberd:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:process-one:ejabberd:3.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:process-one:ejabberd:3.0.0:alpha3:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 29-02-2012 - 05:00)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:P

refmap via4

confirm	http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.9 https://support.process-one.net/browse/EJAB-1498
mlist	[oss-security] 20111119 CVE request: ejabberd before 2.1.9 [oss-security] 20111119 Re: CVE request: ejabberd before 2.1.9
osvdb	77302
secunia	46915

Last major update

29-02-2012 - 05:00

Published

18-02-2012 - 00:55

Last modified

29-02-2012 - 05:00