Test ID: 1.3.6.1.4.1.25623.1.0.69997
Category: FreeBSD Local Security Checks
Title: FreeBSD Ports: ejabberd
Summary: The remote host is missing an update to the system, as announced in the referenced advisory.
Description:
Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: ejabberd

CVE-2011-1753
expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and
exmpp before 0.9.7, does not properly detect recursion during entity
expansion, which allows remote attackers to cause a denial of service
(memory and CPU consumption) via a crafted XML document containing a
large number of nested entity references, a similar issue to
CVE-2003-1564.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2011-1753
44765 http://secunia.com/advisories/44765
44807 http://secunia.com/advisories/44807
45120 http://secunia.com/advisories/45120
48072 http://www.securityfocus.com/bid/48072
DSA-2248 http://www.debian.org/security/2011/dsa-2248
FEDORA-2011-8415 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062099.html
FEDORA-2011-8437 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062145.html
ejabberd-xml-dos(67769) https://exchange.xforce.ibmcloud.com/vulnerabilities/67769
http://www.ejabberd.im/ejabberd-2.1.7
http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.7/
https://bugzilla.redhat.com/show_bug.cgi?id=700454
https://git.process-one.net/ejabberd/mainline/commit/bd1df027c622e1f96f9eeaac612a6a956c1ff0b6
Copyright: Copyright (C) 2011 E-Soft Inc.
