139 matches found
Man In The Middle (MitM)
Smack XMPP library is vulnerable to man-in-the-middle MitM attacks. This is because the security of the TLS connection is not always enforced, making it vulnerable to MitM. By stripping the "starttls" feature from the server response with a man-in-the-middle tool, an attacker can force the client...
Atlassian Bamboo Ignite Realtime Smack XMPP API Arbitrary Code Execution Vulnerability
Atlassian Bamboo is a set of continuous integration build tools from Atlassian Australia. A security vulnerability in the Ignite Realtime Smack XMPP API used in Atlassian Bamboo versions prior to 5.9.9 and 5.10.x prior to 5.10.0 can be exploited by remote attackers to execute arbitrary Java code...
Design/Logic Flaw
The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message...
CVE-2014-9757
The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message...
CVE-2014-9757
CVE-2014-9757 affects Atlassian Bamboo prior to 5.9.9 and 5.10.x prior to 5.10.0, due to a deserialization vulnerability in the Ignite Realtime Smack XMPP API used by Bamboo. Remote configured XMPP servers can send serialized data in XMPP messages to execute arbitrary Java code on Bamboo servers....
CVE-2014-9757
The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message...
CVE-2014-9757: Deserialisation Through Smack Resulting in Remote Code Execution Vulnerability
Bamboo used an old version of the Smack XMPP library that deserialises messages received from XMPP. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo if a XMPP connection has been configured. To exploit this issue, Bamboo...
CVE-2014-9757: Deserialisation Through Smack Resulting in Remote Code Execution Vulnerability
Bamboo used an old version of the Smack XMPP library that deserialises messages received from XMPP. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo if a XMPP connection has been configured. To exploit this issue, Bamboo...
CVE-2015-2721
Mozilla Network Security Services NSS before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle...
CVE-2015-2721
CVE-2015-2721 (NSS) arises from NSS not correctly handling TLS state machine transitions, allowing a MITM to bypass forward secrecy by blocking the ServerKeyExchange message (the SMACK SKIP-TLS issue). Affected: NSS libraries used by Mozilla Firefox/Thunderbird and related products; impact includ...
smack: MitM vulnerability
It was found that SSLSocket in Smack did not perform hostname verification. An attacker could redirect traffic between an application and an XMPP server by providing a valid certificate for a domain under the attacker's control...
smack: IQ response spoofing
It was found that the ParseRoster component in the Smack XMPP API did not verify the From attribute of a roster-query IQ stanza. A remote attacker could use this flaw to spoof IQ responses...
Fedora 21 : smack-4.0.6-1.fc21 (2015-0046)
update to 4.0.6. fix CVE-2014-0364 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...
Fedora Update for smack FEDORA-2015-0046
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for smack FEDORA-2014-16312
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2014-0548 Updated smack packages fix security vulnerabilities
Updated smack packages fix security vulnerabilities: The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers...
Updated smack packages fix security vulnerabilities
Updated smack packages fix security vulnerabilities: The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers...
Fedora 20 : smack-3.2.2-6.fc20 (2014-16383)
fix for CVE-2014-0363 rhbz1093274 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 ...
Fedora 21 : smack-3.2.2-8.fc21 (2014-16312)
fix for CVE-2014-0363 rhbz1093274 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 ...
Fedora Update for smack FEDORA-2014-16383
Check the version of smack SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868607";...