fkie_cve-2012-3525
Vulnerability from fkie_nvd
Published
2012-08-25 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jabber2:jabberd2:2.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "24C9A9BA-FC37-4FED-B03B-02FD87DF4B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AA058DB-6786-489E-B560-1AE154607AAC",
"versionEndIncluding": "2.2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38A57C87-1E18-4DEC-864F-BFECA74FB8D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B3405FB-CEBD-4E9B-809C-CC436DB491CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C16361-0A6A-46F1-9154-0EBAEF9424DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB738B5C-F549-4171-93F8-821F06D09B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "136B0689-05C4-47AF-BCFC-5BAAD62DD2A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BA729702-72F3-4BB4-8647-8938DDCA65B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E32A9A5F-7669-4EC1-804E-8FDAD5FD3FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "713D733B-C056-4A87-A0F3-669BD2B97EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5B695154-C52C-4A26-AB56-B9D301268BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "33D8A7D9-1565-4CA2-832B-3B5A800E7185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "64DA6F74-7F66-4C47-A05A-1F1143FEBF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9A7B360C-9222-4862-A1A3-D939D8E5B906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC4B150-E318-430D-AB53-7FC4235534E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0A1409-AA29-4393-AF76-38D2F6621BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B389FE79-E88D-4BD3-A3DB-5015FF9E78C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12B9B5DE-912B-4D76-A428-2A614918C1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "ACCAEDE2-B0C2-48CB-B0C3-594A6569B904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B73387-35EC-440C-8B93-879BD66E39F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "47426695-4686-4736-B27E-6800ACB43CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6F846FB8-DCDA-4A24-9DD7-2F9C9AC3833F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8C9B9D48-5848-4313-9EDF-FDE562875EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5C31E5-2441-4C53-9E10-3AB33FCF11A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "703383CD-DF8D-4DA1-B322-8DE9E847A8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A9F0E1-0A41-4C98-8467-0578D98AD0BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "769A2F0A-816C-458A-B579-CE8BB8FF5A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BD3313-4CF5-44EE-91EC-D6F0C23D0342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3E1C3C-FB3B-4941-A879-0F351959EB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98EE2C3A-67C4-45D5-80EE-3819F5AB1133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DB4C94F7-4093-46B5-9B2E-9F3B2BD462DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9B7918-C678-4CE8-97B1-52AF3E17A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10D9719B-B6AE-4AA1-9767-FD85DE12782B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5C64CA72-E6D6-4981-AA23-447EA7FAFD7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57CE98F9-FA6B-49D0-8410-BCD188E2F64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "64A5D6D9-D045-4A0A-BBAB-21F2C228BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "595AFA35-92B5-4957-A2AA-DF9E09990438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "45836D34-A47C-49F6-9A1A-3F8160611058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "89ED36F8-4D8C-406E-BE8A-F8C374227F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "28D0CB97-3F6A-4CD6-A9A4-2F6743E13F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9923E4E2-ADB1-4729-97AE-C4EA19D5E6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "69E01C9E-5B90-4044-B002-87A741CA6AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "9042F295-2C75-4260-9A3F-A7A225B36EB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response."
},
{
"lang": "es",
"value": "s2s/out.c en jabberd2 v2.2.16 y anteriores no comprueba que se presente una solicitud para una respuesta XMPP Server Dialback, lo que permite a servidores remotos de XMPP falsificar dominios a trav\u00e9s (1) Verify Response o (2) Authorization Response."
}
],
"id": "CVE-2012-3525",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-25T16:55:00.837",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1538.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1539.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50124"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50859"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55167"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://xmpp.org/resources/security-notices/server-dialback/"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1538.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1539.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://xmpp.org/resources/security-notices/server-dialback/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…