CVE-2004-1378

The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML connections.

Published: Sep 21, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-1378
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
jabberstudio / jadc2s	0.7	0.7.x
jabberstudio / jabberd	1.4.2	1.4.2.x
jabberstudio / jabberd	1.4.3	1.4.3.x
jabberstudio / jadc2s	0.8	0.8.x
jabberstudio / jabberd	1.4	1.4.x
jabberstudio / jadc2s	0.9	0.9.x
jabberstudio / jabberd	1.4.2a	1.4.2a.x
jabberstudio / jadc2s	0.6	0.6.x
jabberstudio / jabberd	1.4.1	1.4.1.x

http://devel.amessage.info/jabberd14/
http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html
http://marc.info/?l=bugtraq&m=109583829122679&w=2
http://secunia.com/advisories/12636
http://securitytracker.com/id?1011383
http://securitytracker.com/id?1011384
http://www.gentoo.org/security/en/glsa/glsa-200409-31.xml
http://www.osvdb.org/10257
http://www.securityfocus.com/bid/11231
http://www.vuxml.org/freebsd/2e25d38b-54d1-11d9-b612-000c6e8f12ef.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/17466
https://exchange.xforce.ibmcloud.com/vulnerabilities/17467

Vulnerability Database

290,476

CVE-2004-1378