Lucene search

Tenable5168.PRM

HistorySep 11, 2009 - 12:00 a.m.

Pidgin < 2.6.1 Multiple Vulnerabilities

2009-09-1100:00:00

Tenable

www.tenable.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

83.0%

JSON

The remote host is running Pidgin < 2.6.1. Such versions are potentially affected by multiple issues :

A denial-of-service vulnerability because it fails to properly handle malformed links sent via the Yahoo Instant Messenger protocol. (CVE-2009-3025)
A man-in-the-middle vulnerability exists because the application does not require the TLS/SSL preference to be enabled when connecting to older Jabber servers. (CVE-2009-3026)

Binary data 5168.prm

VendorProductVersionCPE
pidginpidgincpe:/a:pidgin:pidgin

Vendor	Product	Version	CPE
pidgin	pidgin		cpe:/a:pidgin:pidgin

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3025

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3026

developer.pidgin.im/wiki/ChangeLog

pidgin.im/news/security/?id=35

pidgin.im/news/security/?id=36

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

83.0%

JSON

Related for 5168.PRM