CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5075 – smack: MitM vulnerability
https://notcve.org/view.php?id=CVE-2014-5075
The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. La API Ignite Realtime Smack XMPP 4.x anterior a 4.0.2, y 3.x y 2.x cuando se utiliza un SSLContext personalizado, no verifica que el nombre del servidor coincide con un nombre de dominio en el campo de asunto Common Name (CN) o subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle suplantar los servidores SSL a través de un certificado válido arbitrario. It was found that SSLSocket in Smack did not perform hostname verification. An attacker could redirect traffic between an application and an XMPP server by providing a valid certificate for a domain under the attacker's control. • http://op-co.de/CVE-2014-5075.html http://rhn.redhat.com/errata/RHSA-2015-1176.html http://secunia.com/advisories/59915 http://www.securityfocus.com/bid/69064 https://access.redhat.com/security/cve/CVE-2014-5075 https://bugzilla.redhat.com/show_bug.cgi?id=1127276 • CWE-310: Cryptographic Issues •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0363 – smack: incorrect X.509 certificate validation
https://notcve.org/view.php?id=CVE-2014-0363
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain. El componente ServerTrustManager en la API Ignite Realtime Smack XMPP anterior a 4.0.0-rc1 no verifica las extensiones basicConstraints y nameConstraints en cadenas de certificados X.509 de servidores SSL, lo que permite a un atacante ealizar un ataque man-in-the-middle, falsificar servidores y obtener información sensible a través de una cadena de certificados manipulados. It was found that the ServerTrustManager in the Smack XMPP API did not verify basicConstraints and nameConstraints in X.509 certificate chains. A man-in-the-middle attacker could use this flaw to spoof servers and obtain sensitive information. • http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released http://issues.igniterealtime.org/browse/SMACK-410 http://rhn.redhat.com/errata/RHSA-2015-1176.html http://secunia.com/advisories/59290 http://secunia.com/advisories/59291 http://www.kb.cert.org/vuls/id/489228 http://www.securityfocus.com/bid/67119 https://access.redhat.com/security/cve/CVE-2014-0363 https://bugzilla.redhat.com/show_bug.cgi?id=1093273 • CWE-295: Improper Certificate Validation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0364 – smack: IQ response spoofing
https://notcve.org/view.php?id=CVE-2014-0364
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute. El componente ParseRoster en la API Ignite Realtime Smack XMPP anterior a 4.0.0-rc1 no verifica el atributo from de la cadena roster-query IQ, lo que permite a atacantes remotos falsificar respuestas IQ a través de un atributo manipulado. It was found that the ParseRoster component in the Smack XMPP API did not verify the From attribute of a roster-query IQ stanza. A remote attacker could use this flaw to spoof IQ responses. • http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released http://rhn.redhat.com/errata/RHSA-2015-1176.html http://secunia.com/advisories/59290 http://secunia.com/advisories/59291 http://www.kb.cert.org/vuls/id/489228 http://www.securityfocus.com/bid/67124 https://access.redhat.com/security/cve/CVE-2014-0364 https://bugzilla.redhat.com/show_bug.cgi?id=1093276 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-2741
https://notcve.org/view.php?id=CVE-2014-2741
nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. El archivo nio/XMLLightweightParser.java en Ignite Realtime Openfire anterior a versión 3.9.2, no restringe apropiadamente el procesamiento de elementos XML comprimidos, lo que permite a los atacantes remotos causar una denegación de servicio (consumo de recursos) por medio de una secuencia XMPP diseñada, también conocido como ataque "xmppbomb" . • http://community.igniterealtime.org/thread/52317 http://fisheye.igniterealtime.org/changelog/openfiregit?cs=3aec383e07ee893b77396fe946766bbd3758af77 http://openwall.com/lists/oss-security/2014/04/07/7 http://openwall.com/lists/oss-security/2014/04/09/1 http://www.kb.cert.org/vuls/id/495476 http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 29EXPL: 4CVE-2009-1595 – Openfire 3.x - jabber:iq:auth 'passwd_change' Remote Password Change
https://notcve.org/view.php?id=CVE-2009-1595
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action. La implementación jabber:iq:auth en IQAuthHandler.java de Ignite Realtime Openfire v3.6.5 permite a usuarios remotos autenticados cambiar las contraseñas de cuentas de usuario de su elección a través de un elemento "username" (nombre de usuario) modificado en la acción passwd_change. • https://www.exploit-db.com/exploits/32967 http://osvdb.org/54189 http://secunia.com/advisories/34976 http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html http://www.igniterealtime.org/community/message/190280 http://www.igniterealtime.org/issues/browse/JM-1531 http://www.securityfocus.com/bid/34804 http://www.vupen.com/english/advisories/2009/1237 https://exchange.xforce.ibmcloud.com/vulnerabilities/50292 • CWE-287: Improper Authentication •