Vulnerabilities

CVE-2014-2744

by Fred · 10/04/2014

plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an "xmppbomb" attack.

Date published : 2014-04-10

http://blog.prosody.im/prosody-0-9-4-released/

http://code.lightwitch.org/metronome/rev/49f47277a411

Similar

Tags: Cybersecurity Alert