CVE-2014-2744 in Metronomeinformation

Résumé

par MITRE

plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an "xmppbomb" attack.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Réserver

08/04/2014

Divulgation

10/04/2014

Modérer

accepté

Entrée

VDB-66932

CPE

prêt

EPSS

0.03313

KEV

non

Activités

très faible

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!