CVE-2014-0363

Severity

57%

Complexity

86%

Confidentiality

81%

Per: http://cwe.mitre.org/data/definitions/358.html "CWE-358: Improperly Implemented Security Check for Standard"

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.

Per: http://cwe.mitre.org/data/definitions/358.html "CWE-358: Improperly Implemented Security Check for Standard"

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N).

Overview

Type

igniterealtime Smack

First reported 10 years ago

2014-04-30 10:49:00

Last updated 8 years ago

2017-01-07 02:59:00

Affected Software

igniterealtime Smack 2.2.0

2.2.0

igniterealtime Smack 2.2.1

2.2.1

igniterealtime Smack 3.0.0

3.0.0

igniterealtime Smack 3.0.1

3.0.1

igniterealtime Smack 3.0.2

3.0.2

igniterealtime Smack 3.0.3

3.0.3

igniterealtime Smack 3.1.0

3.1.0

igniterealtime Smack 3.2.0

3.2.0

igniterealtime Smack 3.2.1

3.2.1

igniterealtime Smack 3.2.2

3.2.2

igniterealtime Smack 3.3.0

3.3.0

igniterealtime Smack 3.3.1

3.3.1

igniterealtime Smack 3.4.0

3.4.0

igniterealtime Smack 4.0.0 snapshot-2014-02-16

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-02-18

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-02-19

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-02-20

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-02-21

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-02-23

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-03-02

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-03-03

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-03-10

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-03-11

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-03-12

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-03-13

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-03-16

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-03-18

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-03-21

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-03-25

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-03-26

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-03-29

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-04-06

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-04-09

4.0.0

igniterealtime Smack 4.0.0 snapshot-2014-04-13

4.0.0

References

http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released

http://issues.igniterealtime.org/browse/SMACK-410

RHSA-2015:1176

59290

59291

VU#489228

US Government Resource

67119

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.