What the vulnerability does

01 Description

redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of a host.

Key dates

02 Disclosure timeline

May 26, 2021 CVE published
August 5, 2024 Record updated