PT-2014-3592 · Ignite Realtime · Smack Xmpp Api

Florian Schmaus

+1

·

Publicado

2014-04-30

·

Atualizado

2021-02-23

·

CVE-2014-0363

CVSS v2.0

5.8

Média

VetorAV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions Smack XMPP API versions prior to 4.0.0-rc1
Description The issue concerns the ServerTrustManager component, which fails to verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers. This allows attackers to spoof servers and obtain sensitive information via a crafted certificate chain.
Recommendations For versions prior to 4.0.0-rc1, update to version 4.0.0-rc1 or later to resolve the issue.

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

CVE-2014-0363
MGASA-2014-0548

Produtos afetados

Smack Xmpp Api