NVD

Id
46007  
Name
CVE-2012-4670  
Description
Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.  
Reject
 
CVSS Version
2  
CVSS Score
6.4  
Severity
Medium  
CVSS Base Score
6.4  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:P/A:P)  
Pub Date
2017-01-19  
Published
2012-08-25  
Modified Date
2013-03-01  
Seq
2012-4670  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
231042 46007 CVE-2012-4670 http://www.tigase.org/content/finally-version-510-final-available  View
231043 46007 CVE-2012-4670 tigase-xmpp-spoofing(77985)  View
231044 46007 CVE-2012-4670 http://xmpp.org/resources/security-notices/server-dialback/  View
231045 46007 CVE-2012-4670 https://projects.tigase.org/projects/tigase-server/repository/revisions/2953/diff  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
28181 JVNDB-2012-003888 Tigase XMPP Server におけるドメインになりすまされる脆弱性 Tigase XMPP Server は、XMPP Server Dialback 応答のためのリクエストであることを検証しないため、ドメインになりすまされる脆弱性が存在します。 CVE-2012-4670 57908 CVE-2012-4670 46007 6.4 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003888.html 2012-08-21 2012-08-28 View