Description
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | smack | Will not fix | | |
| Red Hat JBoss Fuse 6 | camel | Will not fix | | |
Additional information
Status: Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1406703 smack: TLS SecurityMode.required bypass via StripTLS attack
CVSS3: 7.5 High
CVSS2: 5.4 Medium
Related vulnerabilities
CVSS3: 5.9
nvd
about 9 years ago
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
CVSS3: 5.9
debian
about 9 years ago
Race condition in the XMPP library in Smack before 4.1.9, when the Sec ...