Vulnerability Details : CVE-2010-0305
ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-0305
Probability of exploitation activity in the next 30 days: 8.30%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 %
CVSS scores for CVE-2010-0305
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2010-0305
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0305
- http://www.openwall.com/lists/oss-security/2010/01/29/1
  oss-security - CVE Request -- ejabberd (Patch)
- http://www.openwall.com/lists/oss-security/2010/01/29/5
  oss-security - Re: CVE Request -- ejabberd (Patch)
- https://support.process-one.net/browse/EJAB-1173
  [EJAB-1173] ejabberd crashes when c2s message queue gets overloaded - ProcessOne - Support
- http://www.debian.org/security/2010/dsa-2033
  Debian -- Security Information -- DSA-2033-1 ejabberd
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56025
  ejabberd client2server denial of service CVE-2010-0305 Vulnerability Report
- http://www.vupen.com/english/advisories/2010/0894
  Webmail | OVH- OVH
- http://www.securityfocus.com/bid/38003
  ejabberd 'client2server' Message Remote Denial of Service Vulnerability
Products affected by CVE-2010-0305
- cpe:2.3:a:process-one:ejabberd:*:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:1.1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:1.1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:2.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:2.0.1_2:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:2.0.4:*:*:*:*:*:*:*