FKIE_CVE-2004-1378

Vulnerability from fkie_nvd - Published: 2004-09-21 04:00 - Updated: 2026-04-16 00:27
Severity
Summary
The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML connections.
References
cve@mitre.orghttp://devel.amessage.info/jabberd14/Patch
cve@mitre.orghttp://mail.jabber.org/pipermail/jabberd/2004-September/002004.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=109583829122679&w=2
cve@mitre.orghttp://secunia.com/advisories/12636
cve@mitre.orghttp://securitytracker.com/id?1011383
cve@mitre.orghttp://securitytracker.com/id?1011384
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200409-31.xmlPatch
cve@mitre.orghttp://www.osvdb.org/10257
cve@mitre.orghttp://www.securityfocus.com/bid/11231Patch
cve@mitre.orghttp://www.vuxml.org/freebsd/2e25d38b-54d1-11d9-b612-000c6e8f12ef.html
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17466
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17467
af854a3a-2127-422b-91ae-364da2661108http://devel.amessage.info/jabberd14/Patch
af854a3a-2127-422b-91ae-364da2661108http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=109583829122679&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/12636
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1011383
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1011384
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200409-31.xmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/10257
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11231Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vuxml.org/freebsd/2e25d38b-54d1-11d9-b612-000c6e8f12ef.html
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17466
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17467
Impacted products
Vendor Product Version
jabberstudio jabberd 1.4
jabberstudio jabberd 1.4.1
jabberstudio jabberd 1.4.2
jabberstudio jabberd 1.4.2a
jabberstudio jabberd 1.4.3
jabberstudio jadc2s 0.6
jabberstudio jadc2s 0.7
jabberstudio jadc2s 0.8
jabberstudio jadc2s 0.9
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jabberstudio:jabberd:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF04B475-4901-48FD-AD5D-A962D3765664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jabberstudio:jabberd:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D5D1C4E-FD89-4FAF-B58B-3410DA938A89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jabberstudio:jabberd:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "082926C3-B1C7-4030-B4F8-45151F37BE24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jabberstudio:jabberd:1.4.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1F2CEB-AE60-409F-A1C3-A45384782E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jabberstudio:jabberd:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC8D1462-9E72-4160-8792-3A9AFF8589C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jabberstudio:jadc2s:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C26238-1611-4A04-A2C5-60BE493CCDE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jabberstudio:jadc2s:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "60AAD395-7AEC-48AC-90C4-960A268A9154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jabberstudio:jadc2s:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "87B97785-7A56-4D71-93DD-B05D5404256B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jabberstudio:jadc2s:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2F55F44-A474-40DB-9B06-9D327418E93F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML connections."
    }
  ],
  "id": "CVE-2004-1378",
  "lastModified": "2026-04-16T00:27:16.627",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-09-21T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://devel.amessage.info/jabberd14/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109583829122679\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/12636"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1011383"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1011384"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-31.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/10257"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11231"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vuxml.org/freebsd/2e25d38b-54d1-11d9-b612-000c6e8f12ef.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17466"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://devel.amessage.info/jabberd14/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109583829122679\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/12636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1011383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1011384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-31.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/10257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vuxml.org/freebsd/2e25d38b-54d1-11d9-b612-000c6e8f12ef.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17467"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.