High severity (7.5) · NVD Advisory · Published Jun 21, 2011 · Updated Apr 29, 2026
CVE-2011-1755
Description
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Affected products
- cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Patch)
- secunia.com/advisories/44787 (nvd: Broken Link, Vendor Advisory)
- support.apple.com/kb/HT5002 (nvd: Third Party Advisory)
- www.securityfocus.com/bid/48250 (nvd: Broken Link, Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/67770 (nvd: Third Party Advisory, VDB Entry)
- codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog (nvd: Broken Link)
- lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html (nvd: Mailing List)
- lists.fedoraproject.org/pipermail/package-announce/2011-June/061341.html (nvd: Mailing List)
- lists.fedoraproject.org/pipermail/package-announce/2011-June/061458.html (nvd: Mailing List)
- lists.fedoraproject.org/pipermail/package-announce/2011-June/061482.html (nvd: Mailing List)
- secunia.com/advisories/44957 (nvd: Broken Link)
- secunia.com/advisories/45112 (nvd: Broken Link)
- www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01655.html (nvd: Release Notes)
- www.redhat.com/support/errata/RHSA-2011-0881.html (nvd: Broken Link)
- www.redhat.com/support/errata/RHSA-2011-0882.html (nvd: Broken Link)
- hermes.opensuse.org/messages/9197650 (nvd: Broken Link)