Description
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
References
- Mailing List, Patch, Third Party Advisory
- Third Party Advisory, VDB Entry
- Vendor Advisory
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Issue Tracking, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 4.1.9 (exclusive)
cpe:2.3:a:igniterealtime:smack:*:*:*:*:*:*:*:*
Configuration 2
cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
EPSS
Percentile: 59%
0.00388
Low
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Weaknesses
CWE-362
Related vulnerabilities
CVSS3: 7.5
redhat
about 9 years ago
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
CVSS3: 5.9
debian
about 9 years ago
Race condition in the XMPP library in Smack before 4.1.9, when the Sec ...