CVE-2012-4669

2022-10-0316:15:32

mitre

www.cve.org

m-link

r14.6

r15.1

xmpp server

dialback spoofing

vulnerability

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.1%

JSON

M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.

References

isode.com/company/wordpress/xmpp-server-dialback/

xmpp.org/resources/security-notices/server-dialback/