Lucene search

K
cve[email protected]CVE-2014-0363
HistoryApr 30, 2014 - 10:49 a.m.

CVE-2014-0363

2014-04-3010:49:04
CWE-295
web.nvd.nist.gov
27
2
ignite realtime
smack xmpp api
cve-2014-0363
ssl
man-in-the-middle
certificate chains
nvd

8.5 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

60.1%

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.

Affected configurations

NVD
Node
igniterealtimesmackRange<4.0.0

Social References

More

8.5 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

60.1%