4 matches found
com.ahome-it:ahome-tooling-server-core (>=1.0.110-RELEASE <=1.0.114-RELEASE), com.ahome-it:ahome-tooling-server-hazelcast (>=1.0.111-RELEASE <=1.0.112-RELEASE) +45 more potentially affected by CVE-2016-10027 via org.igniterealtime.smack:smack-core (>=4.0.0-rc1 <=4.1.8)
org.igniterealtime.smack:smack-core MAVEN version =4.0.0-rc1, =1.0.110-RELEASE, =1.0.111-RELEASE, =1.0.111-RELEASE, =1.0.111-RELEASE, =1.0.111-RELEASE, =0.1.3, =0.1.5, =0.0.0.1, =0.0.0.25, =0.1, =1.2.4, =0.2.5, =1.1.9, =1.1.55 and more Source cves: CVE-2016-10027 Source advisory:...
CVE-2016-10027
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response...
CVE-2016-10027
The CVE refers to Smack’s XMPP library (pre-4.1.9). A race condition when TLS SecurityMode.required is set can let an attacker perform a MITM by stripping the server’s starttls feature, bypassing TLS protections and causing client authentication to fall back to cleartext. Affected: Smack versions...
Fedora Update for smack FEDORA-2016-897a1e6698
The remote host is missing an update for the...