Lucene search

K

[email protected]NVD:CVE-2009-3026

HistoryAug 31, 2009 - 8:30 p.m.

CVE-2009-3026

2009-08-3120:30:01

CWE-310

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.0%

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the “require TLS/SSL” preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.

Affected configurations

NVD

Node

pidginpidginMatch2.6.0

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891

developer.pidgin.im/ticket/8131

developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279

secunia.com/advisories/37071

www.openwall.com/lists/oss-security/2009/08/24/2

www.securityfocus.com/bid/36368

exchange.xforce.ibmcloud.com/vulnerabilities/53000

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.0%

Related for NVD:CVE-2009-3026

debiancve1 veracode1 cvelist1 ubuntucve1 cve1 prion1 openvas22 nessus19 securityvulns2 gentoo1 redhat1 centos1 oraclelinux1 ubuntu1