Main Vulnerability Database Exploits ID:7249 - Exploit for XML Entity Expansion in Prosody - CVE-2022-0217

ID:7249 - Exploit for XML Entity Expansion in Prosody - CVE-2022-0217

Published: January 19, 2022

Vulnerability identifier: #VU59655

Vulnerability risk: Medium

CVE-ID: CVE-2022-0217

CWE-ID: CWE-776

Exploitation vector: Remote access

Vulnerable software:
Prosody

Link to public exploit:

https://seclists.org/oss-sec/2022/q1/att-53/instructions_md.bin

Vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of untrusted XML data. A remote attacker can send specially crafted data to the affected server and perform a denial of service (DoS) attack.

Remediation

Install updates from vendor's website.

ID:7249 - Exploit for XML Entity Expansion in Prosody - CVE-2022-0217

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human