CVE-2017-10807

Опубликовано: 04 июл. 2017

Источник: debian

Описание

JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
jabberd2	fixed	2.6.1-1		package

Примечания

Fixed by: https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16
https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1

Связанные уязвимости

CVE-2017-10807

CVSS3: 9.8

ubuntu

больше 8 лет назад

JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.

CVE-2017-10807

CVSS3: 6.5

redhat

больше 8 лет назад

JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.

CVE-2017-10807

CVSS3: 9.8

nvd

больше 8 лет назад

JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.

GHSA-cv95-3vq8-8f64

CVSS3: 9.8

github

больше 3 лет назад

JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.