PRIOn knowledge basePRION:CVE-2012-3525Server side request forgery (ssrf)
6.8 Medium
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.005 Low
EPSS
Percentile
76.5%
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
References
lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
rhn.redhat.com/errata/RHSA-2012-1538.html
rhn.redhat.com/errata/RHSA-2012-1539.html
secunia.com/advisories/50124
secunia.com/advisories/50859
www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html
www.openwall.com/lists/oss-security/2012/08/22/5
www.openwall.com/lists/oss-security/2012/08/22/6
www.securityfocus.com/bid/55167
xmpp.org/resources/security-notices/server-dialback/
bugzilla.redhat.com/show_bug.cgi?id=850872
github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d
Related
6.8 Medium
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.005 Low
EPSS
Percentile
76.5%