Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9
CVE-2016-10027
- EPSS 0.39%
- Published 12.01.2017 23:59:00
- Last modified 20.04.2025 01:37:25
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "s...
5.8
CVE-2014-0363
- EPSS 2.82%
- Published 30.04.2014 10:49:04
- Last modified 12.04.2025 10:46:40
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and o...
- EPSS 1.51%
- Published 30.04.2014 10:49:04
- Last modified 12.04.2025 10:46:40
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.
1