5

CVE-2009-3026

EPSS 0.53%
Published 31.08.2009 20:30:01
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.

Affected products Warnungen 0 Metrics 2 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Pidgin ≫ Pidgin Version2.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.53%	0.644

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://secunia.com/advisories/37071

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891

http://developer.pidgin.im/ticket/8131

http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279

Patch

http://www.openwall.com/lists/oss-security/2009/08/24/2

http://www.securityfocus.com/bid/36368

https://exchange.xforce.ibmcloud.com/vulnerabilities/53000

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757

https://nvd.nist.gov/vuln/detail/CVE-2009-3026

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3026

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3026

EUVD