History: Aug 25, 2012 - 4:55 p.m.

CVE-2012-4670

2012-08-25 16:55:01
CWE-20
web.nvd.nist.gov
16
cve-2012-4670
tigase xmpp server
domain spoofing
verify response
authorization response
nvd

CVSS2: 6.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score: 6.8 Medium (Confidence: Low)

EPSS: 0.003 Low (Percentile: 70.3%)

Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.

Affected configurations

NVD
Node: tigase tigase_xmpp_server
Range: 5.1.0beta2
