CVE

CVE-2012-3525
Date: (C) 2012-08-25   (M) 2024-02-22


s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-50124
SECUNIA-50859
BID-55167
APPLE-SA-2013-03-14-1
RHSA-2012:1538
RHSA-2012:1539
http://www.openwall.com/lists/oss-security/2012/08/22/5
http://www.openwall.com/lists/oss-security/2012/08/22/6
http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html
http://xmpp.org/resources/security-notices/server-dialback/
https://bugzilla.redhat.com/show_bug.cgi?id=850872
https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d

CWE (1):
CWE-20
OVAL (4):
oval:org.secpod.oval:def:104120
oval:org.secpod.oval:def:13775
oval:org.secpod.oval:def:13788
oval:org.secpod.oval:def:104124
...

© SecPod Technologies