Vulnerabilites related to jabber2 - jabberd2
CVE-2012-3525 (GCVE-0-2012-3525)
Vulnerability from cvelistv5
Published
2012-08-25 16:00
Modified
2024-08-06 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:1538",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1538.html"
},
{
"name": "[oss-security] 20120822 CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/5"
},
{
"name": "[oss-security] 20120822 Re: CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/6"
},
{
"name": "55167",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55167"
},
{
"name": "50124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"
},
{
"name": "APPLE-SA-2013-03-14-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xmpp.org/resources/security-notices/server-dialback/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d"
},
{
"name": "RHSA-2012:1539",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1539.html"
},
{
"name": "[jabberd2] 20120821 Fwd: [Security] Vulnerability in XMPP Server Dialback Implementations",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html"
},
{
"name": "50859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50859"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-19T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2012:1538",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1538.html"
},
{
"name": "[oss-security] 20120822 CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/5"
},
{
"name": "[oss-security] 20120822 Re: CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/6"
},
{
"name": "55167",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55167"
},
{
"name": "50124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"
},
{
"name": "APPLE-SA-2013-03-14-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xmpp.org/resources/security-notices/server-dialback/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d"
},
{
"name": "RHSA-2012:1539",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1539.html"
},
{
"name": "[jabberd2] 20120821 Fwd: [Security] Vulnerability in XMPP Server Dialback Implementations",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html"
},
{
"name": "50859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50859"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3525",
"datePublished": "2012-08-25T16:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2012-08-25 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2012-1538.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2012-1539.html | ||
| secalert@redhat.com | http://secunia.com/advisories/50124 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/50859 | ||
| secalert@redhat.com | http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/08/22/5 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/08/22/6 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/55167 | ||
| secalert@redhat.com | http://xmpp.org/resources/security-notices/server-dialback/ | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=850872 | ||
| secalert@redhat.com | https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1538.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1539.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/50124 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/50859 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/08/22/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/08/22/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/55167 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://xmpp.org/resources/security-notices/server-dialback/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=850872 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d | Exploit, Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jabber2 | jabberd2 | 2.1.19 | |
| jabberd2 | jabberd2 | * | |
| jabberd2 | jabberd2 | 2.1 | |
| jabberd2 | jabberd2 | 2.1.1 | |
| jabberd2 | jabberd2 | 2.1.2 | |
| jabberd2 | jabberd2 | 2.1.3 | |
| jabberd2 | jabberd2 | 2.1.4 | |
| jabberd2 | jabberd2 | 2.1.5 | |
| jabberd2 | jabberd2 | 2.1.6 | |
| jabberd2 | jabberd2 | 2.1.7 | |
| jabberd2 | jabberd2 | 2.1.8 | |
| jabberd2 | jabberd2 | 2.1.9 | |
| jabberd2 | jabberd2 | 2.1.10 | |
| jabberd2 | jabberd2 | 2.1.11 | |
| jabberd2 | jabberd2 | 2.1.12 | |
| jabberd2 | jabberd2 | 2.1.13 | |
| jabberd2 | jabberd2 | 2.1.14 | |
| jabberd2 | jabberd2 | 2.1.15 | |
| jabberd2 | jabberd2 | 2.1.16 | |
| jabberd2 | jabberd2 | 2.1.17 | |
| jabberd2 | jabberd2 | 2.1.18 | |
| jabberd2 | jabberd2 | 2.1.20 | |
| jabberd2 | jabberd2 | 2.1.21 | |
| jabberd2 | jabberd2 | 2.1.22 | |
| jabberd2 | jabberd2 | 2.1.23 | |
| jabberd2 | jabberd2 | 2.1.24 | |
| jabberd2 | jabberd2 | 2.2.0 | |
| jabberd2 | jabberd2 | 2.2.1 | |
| jabberd2 | jabberd2 | 2.2.2 | |
| jabberd2 | jabberd2 | 2.2.3 | |
| jabberd2 | jabberd2 | 2.2.4 | |
| jabberd2 | jabberd2 | 2.2.5 | |
| jabberd2 | jabberd2 | 2.2.6 | |
| jabberd2 | jabberd2 | 2.2.7 | |
| jabberd2 | jabberd2 | 2.2.7.1 | |
| jabberd2 | jabberd2 | 2.2.8 | |
| jabberd2 | jabberd2 | 2.2.9 | |
| jabberd2 | jabberd2 | 2.2.10 | |
| jabberd2 | jabberd2 | 2.2.11 | |
| jabberd2 | jabberd2 | 2.2.12 | |
| jabberd2 | jabberd2 | 2.2.13 | |
| jabberd2 | jabberd2 | 2.2.14 | |
| jabberd2 | jabberd2 | 2.2.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jabber2:jabberd2:2.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "24C9A9BA-FC37-4FED-B03B-02FD87DF4B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AA058DB-6786-489E-B560-1AE154607AAC",
"versionEndIncluding": "2.2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38A57C87-1E18-4DEC-864F-BFECA74FB8D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B3405FB-CEBD-4E9B-809C-CC436DB491CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C16361-0A6A-46F1-9154-0EBAEF9424DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB738B5C-F549-4171-93F8-821F06D09B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "136B0689-05C4-47AF-BCFC-5BAAD62DD2A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BA729702-72F3-4BB4-8647-8938DDCA65B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E32A9A5F-7669-4EC1-804E-8FDAD5FD3FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "713D733B-C056-4A87-A0F3-669BD2B97EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5B695154-C52C-4A26-AB56-B9D301268BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "33D8A7D9-1565-4CA2-832B-3B5A800E7185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "64DA6F74-7F66-4C47-A05A-1F1143FEBF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9A7B360C-9222-4862-A1A3-D939D8E5B906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC4B150-E318-430D-AB53-7FC4235534E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0A1409-AA29-4393-AF76-38D2F6621BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B389FE79-E88D-4BD3-A3DB-5015FF9E78C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12B9B5DE-912B-4D76-A428-2A614918C1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "ACCAEDE2-B0C2-48CB-B0C3-594A6569B904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B73387-35EC-440C-8B93-879BD66E39F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "47426695-4686-4736-B27E-6800ACB43CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6F846FB8-DCDA-4A24-9DD7-2F9C9AC3833F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8C9B9D48-5848-4313-9EDF-FDE562875EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5C31E5-2441-4C53-9E10-3AB33FCF11A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "703383CD-DF8D-4DA1-B322-8DE9E847A8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A9F0E1-0A41-4C98-8467-0578D98AD0BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "769A2F0A-816C-458A-B579-CE8BB8FF5A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BD3313-4CF5-44EE-91EC-D6F0C23D0342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3E1C3C-FB3B-4941-A879-0F351959EB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98EE2C3A-67C4-45D5-80EE-3819F5AB1133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DB4C94F7-4093-46B5-9B2E-9F3B2BD462DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9B7918-C678-4CE8-97B1-52AF3E17A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10D9719B-B6AE-4AA1-9767-FD85DE12782B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5C64CA72-E6D6-4981-AA23-447EA7FAFD7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57CE98F9-FA6B-49D0-8410-BCD188E2F64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "64A5D6D9-D045-4A0A-BBAB-21F2C228BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "595AFA35-92B5-4957-A2AA-DF9E09990438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "45836D34-A47C-49F6-9A1A-3F8160611058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "89ED36F8-4D8C-406E-BE8A-F8C374227F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "28D0CB97-3F6A-4CD6-A9A4-2F6743E13F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9923E4E2-ADB1-4729-97AE-C4EA19D5E6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "69E01C9E-5B90-4044-B002-87A741CA6AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "9042F295-2C75-4260-9A3F-A7A225B36EB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response."
},
{
"lang": "es",
"value": "s2s/out.c en jabberd2 v2.2.16 y anteriores no comprueba que se presente una solicitud para una respuesta XMPP Server Dialback, lo que permite a servidores remotos de XMPP falsificar dominios a trav\u00e9s (1) Verify Response o (2) Authorization Response."
}
],
"id": "CVE-2012-3525",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-25T16:55:00.837",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1538.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1539.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50124"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50859"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55167"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://xmpp.org/resources/security-notices/server-dialback/"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1538.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1539.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://xmpp.org/resources/security-notices/server-dialback/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}