5 matches found
Tigase XMPP Server Stanza Smuggling
Tigase XMPP server: XMPP stanza smuggling via unescaped qutes Tigase XMPP server suffers from a security vulnerability due to not escaping double quote character when serializing parsed XML. This can be used to "smuggle" or, if you prefer, inject arbitrary attacker-controlled stanza in the XMPP...
CVE-2012-4670
Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a 1 Verify Response or 2 Authorization Response...
Server side request forgery (ssrf)
Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a 1 Verify Response or 2 Authorization Response...
CVE-2012-4670
Tigase XMPP Server prior to 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, enabling remote XMPP servers to spoof domains via a Verify Response or an Authorization Response. Affected product: Tigase XMPP Server (versions before 5.1.0). Root cause: missing verif...
CVE-2012-4670
Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a 1 Verify Response or 2 Authorization Response...