Lucene search
K

139 matches found

Veracode
Veracode
added 2016/12/21 3:54 a.m.20 views

Man In The Middle (MitM)

Smack XMPP library is vulnerable to man-in-the-middle MitM attacks. This is because the security of the TLS connection is not always enforced, making it vulnerable to MitM. By stripping the "starttls" feature from the server response with a man-in-the-middle tool, an attacker can force the client...

5.9CVSS5.4AI score0.01519EPSS
Exploits0References9Affected Software1
CNVD
CNVD
added 2016/03/31 12:0 a.m.44 views

Atlassian Bamboo Ignite Realtime Smack XMPP API Arbitrary Code Execution Vulnerability

Atlassian Bamboo is a set of continuous integration build tools from Atlassian Australia. A security vulnerability in the Ignite Realtime Smack XMPP API used in Atlassian Bamboo versions prior to 5.9.9 and 5.10.x prior to 5.10.0 can be exploited by remote attackers to execute arbitrary Java code...

9.8CVSS7.6AI score0.02338EPSS
Exploits0References1
Prion
Prion
added 2016/02/08 7:59 p.m.18 views

Design/Logic Flaw

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message...

7.5CVSS7.9AI score0.02338EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2016/02/08 7:59 p.m.31 views

CVE-2014-9757

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message...

9.8CVSS9.7AI score0.02338EPSS
Exploits0References4
CVE
CVE
added 2016/02/08 7:0 p.m.57 views

CVE-2014-9757

CVE-2014-9757 affects Atlassian Bamboo prior to 5.9.9 and 5.10.x prior to 5.10.0, due to a deserialization vulnerability in the Ignite Realtime Smack XMPP API used by Bamboo. Remote configured XMPP servers can send serialized data in XMPP messages to execute arbitrary Java code on Bamboo servers....

9.8CVSS9.6AI score0.02338EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2016/02/08 7:0 p.m.34 views

CVE-2014-9757

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message...

9.8AI score0.02338EPSS
Exploits0References4
Atlassian
Atlassian
added 2016/01/12 3:54 a.m.93 views

CVE-2014-9757: Deserialisation Through Smack Resulting in Remote Code Execution Vulnerability

Bamboo used an old version of the Smack XMPP library that deserialises messages received from XMPP. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo if a XMPP connection has been configured. To exploit this issue, Bamboo...

9.8CVSS4.4AI score0.02976EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/01/12 3:54 a.m.33 views

CVE-2014-9757: Deserialisation Through Smack Resulting in Remote Code Execution Vulnerability

Bamboo used an old version of the Smack XMPP library that deserialises messages received from XMPP. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo if a XMPP connection has been configured. To exploit this issue, Bamboo...

9.8CVSS9.2AI score0.02338EPSS
Exploits0
NVD
NVD
added 2015/07/06 2:0 a.m.17 views

CVE-2015-2721

Mozilla Network Security Services NSS before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle...

4.3CVSS4.2AI score0.03275EPSS
Exploits1References29
CVE
CVE
added 2015/07/06 1:0 a.m.231 views

CVE-2015-2721

CVE-2015-2721 (NSS) arises from NSS not correctly handling TLS state machine transitions, allowing a MITM to bypass forward secrecy by blocking the ServerKeyExchange message (the SMACK SKIP-TLS issue). Affected: NSS libraries used by Mozilla Firefox/Thunderbird and related products; impact includ...

4.3CVSS4.1AI score0.03275EPSS
Exploits1References29Affected Software5
RedHat Linux
RedHat Linux
added 2015/06/23 4:52 p.m.7 views

smack: MitM vulnerability

It was found that SSLSocket in Smack did not perform hostname verification. An attacker could redirect traffic between an application and an XMPP server by providing a valid certificate for a domain under the attacker's control...

6.8CVSS5.8AI score0.00924EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/06/23 4:52 p.m.3 views

smack: IQ response spoofing

It was found that the ParseRoster component in the Smack XMPP API did not verify the From attribute of a roster-query IQ stanza. A remote attacker could use this flaw to spoof IQ responses...

5CVSS5.8AI score0.06242EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/01/12 12:0 a.m.28 views

Fedora 21 : smack-4.0.6-1.fc21 (2015-0046)

update to 4.0.6. fix CVE-2014-0364 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

5CVSS7.3AI score0.06242EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2015/01/12 12:0 a.m.25 views

Fedora Update for smack FEDORA-2015-0046

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS9.5AI score0.06242EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/01/05 12:0 a.m.35 views

Fedora Update for smack FEDORA-2014-16312

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS9.5AI score0.0123EPSS
Exploits0References2
OSV
OSV
added 2014/12/26 5:4 p.m.8 views

MGASA-2014-0548 Updated smack packages fix security vulnerabilities

Updated smack packages fix security vulnerabilities: The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers...

6.8CVSS6.3AI score0.0123EPSS
Exploits0References4
Mageia
Mageia
added 2014/12/26 5:4 p.m.57 views

Updated smack packages fix security vulnerabilities

Updated smack packages fix security vulnerabilities: The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers...

6.8CVSS8.6AI score0.0123EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/12/15 12:0 a.m.34 views

Fedora 20 : smack-3.2.2-6.fc20 (2014-16383)

fix for CVE-2014-0363 rhbz1093274 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 ...

5.8CVSS7.3AI score0.0123EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/12/15 12:0 a.m.27 views

Fedora 21 : smack-3.2.2-8.fc21 (2014-16312)

fix for CVE-2014-0363 rhbz1093274 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 ...

5.8CVSS7.3AI score0.0123EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2014/12/15 12:0 a.m.26 views

Fedora Update for smack FEDORA-2014-16383

Check the version of smack SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868607";...

6.8CVSS9.5AI score0.0123EPSS
Exploits0References2
Rows per page
Query Builder