5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.005 Low
EPSS
Percentile
74.4%
This package provides jabberd 2, an Extensible Messaging and Presence
Protocol (XMPP) server used for XML based communication.
It was discovered that the XMPP Dialback protocol implementation in
jabberd 2 did not properly validate Verify Response and Authorization
Response messages. A remote attacker able to connect to the jabberd’s
server-to-server communication port could possibly use this flaw to spoof
source domains of the XMPP messages. (CVE-2012-3525)
Users of Red Hat Network Proxy 5.5 are advised to upgrade to this updated
jabberd package, which resolves this issue. For this update to take effect,
Red Hat Network Proxy must be restarted. Refer to the Solution section for
details.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | x86_64 | jabberd | <Â 2.2.8-20.el6sat | jabberd-2.2.8-20.el6sat.x86_64.rpm |
RedHat | 5 | src | jabberd | <Â 2.2.8-20.el5sat | jabberd-2.2.8-20.el5sat.src.rpm |
RedHat | 6 | src | jabberd | <Â 2.2.8-20.el6sat | jabberd-2.2.8-20.el6sat.src.rpm |
RedHat | 5 | x86_64 | jabberd | <Â 2.2.8-20.el5sat | jabberd-2.2.8-20.el5sat.x86_64.rpm |
RedHat | 6 | s390x | jabberd | <Â 2.2.8-20.el6sat | jabberd-2.2.8-20.el6sat.s390x.rpm |
RedHat | 5 | s390x | jabberd | <Â 2.2.8-20.el5sat | jabberd-2.2.8-20.el5sat.s390x.rpm |