Lucene search

PRIOn knowledge basePRION:CVE-2014-0364

HistoryApr 30, 2014 - 10:49 a.m.

Design/Logic Flaw

2014-04-3010:49:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

81.9%

JSON

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.

CPENameOperatorVersion
smacklt4.0.0

CPE	Name	Operator	Version
	smack	lt	4.0.0

References

community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released

rhn.redhat.com/errata/RHSA-2015-1176.html

secunia.com/advisories/59290

secunia.com/advisories/59291

www.kb.cert.org/vuls/id/489228

www.securityfocus.com/bid/67124

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

81.9%

JSON

Related for PRION:CVE-2014-0364