(*) Tests performed by third parties following our initial disclosure; see http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/

| Disclosure Date | Software | Vulnerability Type | References | Note |
|---|---|---|---|---|
| 17/07/2014 | Apache HTTPD | Resource exhaustion that allows DoS | CVE-2014-0118 | |
| 08/05/2014 | Apache CXF | Resource exhaustion that allows DoS | CVE-2014-0110, CVE-2014-0109 | |
| 10/04/2014 | Prosody (Lightwitch) | Resource exhaustion via xmppbomb DoS attack | CVE-2014-2744, CVE-2014-2745 | |
| 10/04/2014 | Tigase | Resource exhaustion via xmppbomb DoS attack | CVE-2014-2746 | |
| 10/04/2014 | Ignite Realtime Openfire | Resource exhaustion via xmppbomb DoS attack | CVE-2014-2741 | |
| 10/04/2014 | Isode M-Link | Resource exhaustion via xmppbomb DoS attack | CVE-2014-2742 | (*) |
| 10/04/2014 | Lightwitch | Resource exhaustion via xmppbomb DoS attack | CVE-2014-2743 | (*) |
| 10/04/2014 | MongooseIM | Resource exhaustion via xmppbomb DoS attack | CVE-2014-2829 | (*) |
| 22/02/2013 | CS-Cart | Logic vulnerability that allows shopping for free | CVE-2013-0118, VU#583564 | |
| 30/10/2012 | TomatoCart | Logic vulnerability that allows paying less or shopping for free | CVE-2012-4934, VU#207540 | |
| 18/09/2012 | osCommerce | Logic vulnerability that allows shopping for free | CVE-2012-2991, VU#459446 | |