5.8

CVE-2012-3525

Exploit
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jabber2Jabberd2 Version2.1.19
Jabberd2Jabberd2 Version <= 2.2.16
Jabberd2Jabberd2 Version2.1
Jabberd2Jabberd2 Version2.1.1
Jabberd2Jabberd2 Version2.1.2
Jabberd2Jabberd2 Version2.1.3
Jabberd2Jabberd2 Version2.1.4
Jabberd2Jabberd2 Version2.1.5
Jabberd2Jabberd2 Version2.1.6
Jabberd2Jabberd2 Version2.1.7
Jabberd2Jabberd2 Version2.1.8
Jabberd2Jabberd2 Version2.1.9
Jabberd2Jabberd2 Version2.1.10
Jabberd2Jabberd2 Version2.1.11
Jabberd2Jabberd2 Version2.1.12
Jabberd2Jabberd2 Version2.1.13
Jabberd2Jabberd2 Version2.1.14
Jabberd2Jabberd2 Version2.1.15
Jabberd2Jabberd2 Version2.1.16
Jabberd2Jabberd2 Version2.1.17
Jabberd2Jabberd2 Version2.1.18
Jabberd2Jabberd2 Version2.1.20
Jabberd2Jabberd2 Version2.1.21
Jabberd2Jabberd2 Version2.1.22
Jabberd2Jabberd2 Version2.1.23
Jabberd2Jabberd2 Version2.1.24
Jabberd2Jabberd2 Version2.2.0
Jabberd2Jabberd2 Version2.2.1
Jabberd2Jabberd2 Version2.2.2
Jabberd2Jabberd2 Version2.2.3
Jabberd2Jabberd2 Version2.2.4
Jabberd2Jabberd2 Version2.2.5
Jabberd2Jabberd2 Version2.2.6
Jabberd2Jabberd2 Version2.2.7
Jabberd2Jabberd2 Version2.2.7.1
Jabberd2Jabberd2 Version2.2.8
Jabberd2Jabberd2 Version2.2.9
Jabberd2Jabberd2 Version2.2.10
Jabberd2Jabberd2 Version2.2.11
Jabberd2Jabberd2 Version2.2.12
Jabberd2Jabberd2 Version2.2.13
Jabberd2Jabberd2 Version2.2.14
Jabberd2Jabberd2 Version2.2.15
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.73% 0.746
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
http://rhn.redhat.com/errata/RHSA-2012-1538.html
http://rhn.redhat.com/errata/RHSA-2012-1539.html
http://secunia.com/advisories/50124
Vendor Advisory
http://secunia.com/advisories/50859
http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html
http://www.openwall.com/lists/oss-security/2012/08/22/5
http://www.openwall.com/lists/oss-security/2012/08/22/6
http://www.securityfocus.com/bid/55167
http://xmpp.org/resources/security-notices/server-dialback/
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=850872
https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d
Patch
Exploit