Description
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.
References
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory, US Government Resource
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: versions before 4.0.0 (exclusive)
cpe:2.3:a:igniterealtime:smack:*:*:*:*:*:*:*:*
EPSS
Percentile: 62%
0.00434
Low
5 Medium
CVSS2
Weaknesses
CWE-345
Related vulnerabilities
redhat
about 12 years ago
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.
github
more than 3 years ago
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.