Lucene search

[email protected]NVD:CVE-2012-3525

HistoryAug 25, 2012 - 4:55 p.m.

CVE-2012-3525

2012-08-2516:55:00

CWE-20

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.3 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.1%

JSON

s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.

Affected configurations

NVD

Node

jabber2jabberd2Match2.1.19

jabberd2jabberd2Range≤2.2.16

jabberd2jabberd2Match2.1

jabberd2jabberd2Match2.1.1

jabberd2jabberd2Match2.1.2

jabberd2jabberd2Match2.1.3

jabberd2jabberd2Match2.1.4

jabberd2jabberd2Match2.1.5

jabberd2jabberd2Match2.1.6

jabberd2jabberd2Match2.1.7

jabberd2jabberd2Match2.1.8

jabberd2jabberd2Match2.1.9

jabberd2jabberd2Match2.1.10

jabberd2jabberd2Match2.1.11

jabberd2jabberd2Match2.1.12

jabberd2jabberd2Match2.1.13

jabberd2jabberd2Match2.1.14

jabberd2jabberd2Match2.1.15

jabberd2jabberd2Match2.1.16

jabberd2jabberd2Match2.1.17

jabberd2jabberd2Match2.1.18

jabberd2jabberd2Match2.1.20

jabberd2jabberd2Match2.1.21

jabberd2jabberd2Match2.1.22

jabberd2jabberd2Match2.1.23

jabberd2jabberd2Match2.1.24

jabberd2jabberd2Match2.2.0

jabberd2jabberd2Match2.2.1

jabberd2jabberd2Match2.2.2

jabberd2jabberd2Match2.2.3

jabberd2jabberd2Match2.2.4

jabberd2jabberd2Match2.2.5

jabberd2jabberd2Match2.2.6

jabberd2jabberd2Match2.2.7

jabberd2jabberd2Match2.2.7.1

jabberd2jabberd2Match2.2.8

jabberd2jabberd2Match2.2.9

jabberd2jabberd2Match2.2.10

jabberd2jabberd2Match2.2.11

jabberd2jabberd2Match2.2.12

jabberd2jabberd2Match2.2.13

jabberd2jabberd2Match2.2.14

jabberd2jabberd2Match2.2.15

References

lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

rhn.redhat.com/errata/RHSA-2012-1538.html

rhn.redhat.com/errata/RHSA-2012-1539.html

secunia.com/advisories/50124

secunia.com/advisories/50859

www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html

www.openwall.com/lists/oss-security/2012/08/22/5

www.openwall.com/lists/oss-security/2012/08/22/6

www.securityfocus.com/bid/55167

xmpp.org/resources/security-notices/server-dialback/

bugzilla.redhat.com/show_bug.cgi?id=850872

github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.3 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.1%

JSON

Related for NVD:CVE-2012-3525

redhat2 nessus10 openvas6 veracode1 prion1 freebsd1 debiancve1 cvelist1 cve1 fedora3 ubuntucve1 securityvulns2