PRION:CVE-2014-0363
Apr 30, 2014 - 10:49 a.m.

Design/Logic Flaw

2014-04-30 10:49:00
PRIOn knowledge base
www.prio-n.com
AI Score: 6.2
Confidence: Low
EPSS: 0.002
Percentile: 60.1%

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.