|Bugzilla:||850872: CVE-2012-3525 jabberd: Prone to unsolicited XMPP Dialback attacks|
The MITRE CVE dictionary describes this issue as:
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Satellite 5.5 (RHEL v.5) (jabberd)||RHSA-2012:1538||December 04, 2012|
|Red Hat Satellite 5.5 (RHEL v.6) (jabberd)||RHSA-2012:1538||December 04, 2012|
|Red Hat Satellite Proxy 5.5 (RHEL v.5) (jabberd)||RHSA-2012:1539||December 04, 2012|
|Red Hat Satellite Proxy 5.5 (RHEL v.6) (jabberd)||RHSA-2012:1539||December 04, 2012|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.