CVE-2011-2206

high

Description

XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757.

References

https://raw.github.com/djabberd/DJabberd/master/CHANGES

https://github.com/djabberd/DJabberd/commit/b41d6dc247a175fe8e092d6ec2c460826fa62992

http://www.openwall.com/lists/oss-security/2011/06/15/5

http://www.openwall.com/lists/oss-security/2011/06/14/6

http://groups.google.com/group/djabberd/msg/80a462d5c28873d7?dmode=source&output=gplain

Details

Source: Mitre, NVD

Published: 2011-06-22

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High

EPSS

EPSS: 0.00725