Lucene search

K
nvd[email protected]NVD:CVE-2014-0363
HistoryApr 30, 2014 - 10:49 a.m.

CVE-2014-0363

2014-04-3010:49:04
CWE-295
web.nvd.nist.gov

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

5.7

Confidence

Low

EPSS

0.002

Percentile

60.1%

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.

Affected configurations

NVD
Node
igniterealtimesmackRange<4.0.0

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

5.7

Confidence

Low

EPSS

0.002

Percentile

60.1%