Denial of Service Vulnerability in Prosody XMPP Server (CVE-2015-8784)

Denial of Service Vulnerability in Prosody XMPP Server (CVE-2015-8784)

CVE-2014-2745 · HIGH Severity

AV:N/AC:L/AU:N/C:N/I:N/A:C

Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua.

Learn more about our Web Application Penetration Testing UK.