5

CVE-2009-3026

EPSS 0.53%
Veröffentlicht 31.08.2009 20:30:01
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pidgin ≫ Pidgin Version2.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.644

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://secunia.com/advisories/37071

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891

http://developer.pidgin.im/ticket/8131

http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279

Patch

http://www.openwall.com/lists/oss-security/2009/08/24/2

http://www.securityfocus.com/bid/36368

https://exchange.xforce.ibmcloud.com/vulnerabilities/53000

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757

https://nvd.nist.gov/vuln/detail/CVE-2009-3026

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3026

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3026

EUVD