Denial of Service Vulnerability in mod_pubsub Module of ejabberd

Denial of Service Vulnerability in mod_pubsub Module of ejabberd

CVE-2011-4320 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:N/A:P

The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.

Learn more about our User Device Pen Test.