Description
Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: Version up to 5.1.0 (inclusive)
cpe:2.3:a:tigase:tigase_xmpp_server:*:beta2:*:*:*:*:*:*
EPSS
Percentile: 60%
0.00401
Low
6.4 Medium
CVSS2
Weaknesses
CWE-20
Related vulnerabilities
github
more than 3 years ago
Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.