CVE-2017-10807

Опубликовано: 07 июл. 2017

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.

Отчет

Red Hat Enterprise Satellite 5 is now in phase 3 of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Satellite 5	jabberd	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-304

https://bugzilla.redhat.com/show_bug.cgi?id=1468566jabberd: Jabberd before 2.6.1 allows anyone to authenticate using SASLANONYMOUS even when this option is disabled

EPSS

Процентиль: 81%

0.01574

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2017-10807

CVSS3: 9.8

ubuntu

больше 8 лет назад

JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.

CVE-2017-10807

CVSS3: 9.8

nvd

больше 8 лет назад

JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.

CVE-2017-10807

CVSS3: 9.8

debian

больше 8 лет назад

JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate ...

GHSA-cv95-3vq8-8f64

CVSS3: 9.8

github

больше 3 лет назад

JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.

EPSS

Процентиль: 81%

0.01574

Низкий

6.5 Medium

CVSS3