{"id":"CVE-2011-1755","details":"jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.","modified":"2026-04-10T03:41:46.401389Z","published":"2011-06-21T02:52:43Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/44787"},{"type":"ADVISORY","url":"http://secunia.com/advisories/44957"},{"type":"ADVISORY","url":"http://secunia.com/advisories/45112"},{"type":"ADVISORY","url":"http://support.apple.com/kb/HT5002"},{"type":"ADVISORY","url":"http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01655.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/48250"},{"type":"ADVISORY","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/67770"},{"type":"ARTICLE","url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"},{"type":"ARTICLE","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061341.html"},{"type":"ARTICLE","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061458.html"},{"type":"ARTICLE","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061482.html"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=700390"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=700390"},{"type":"WEB","url":"http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog"},{"type":"WEB","url":"http://www.redhat.com/support/errata/RHSA-2011-0881.html"},{"type":"WEB","url":"http://www.redhat.com/support/errata/RHSA-2011-0882.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/48250"},{"type":"WEB","url":"https://hermes.opensuse.org/messages/9197650"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}