CVE-2012-3525
Published: Aug 25, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- RHSA-2012:1538 (vendor-advisory, x_refsource_REDHAT)
- [oss-security] 20120822 CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks (mailing-list, x_refsource_MLIST)
- [oss-security] 20120822 Re: CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks (mailing-list, x_refsource_MLIST)
- 55167 (vdb-entry, x_refsource_BID)
- 50124 (third-party-advisory, x_refsource_SECUNIA)
- https://bugzilla.redhat.com/show_bug.cgi?id=850872 (x_refsource_MISC)
- APPLE-SA-2013-03-14-1 (vendor-advisory, x_refsource_APPLE)
- http://xmpp.org/resources/security-notices/server-dialback/ (x_refsource_MISC)
- RHSA-2012:1539 (vendor-advisory, x_refsource_REDHAT)
- [jabberd2] 20120821 Fwd: [Security] Vulnerability in XMPP Server Dialback Implementations (mailing-list, x_refsource_MLIST)
- 50859 (third-party-advisory, x_refsource_SECUNIA)