{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-08-21T00:00:00", "descriptions": [{"lang": "en", "value": "s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-12-19T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2012:1538", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1538.html"}, {"name": "[oss-security] 20120822 CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/5"}, {"name": "[oss-security] 20120822 Re: CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/6"}, {"name": "55167", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/55167"}, {"name": "50124", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50124"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"}, {"name": "APPLE-SA-2013-03-14-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"}, {"tags": ["x_refsource_MISC"], "url": "http://xmpp.org/resources/security-notices/server-dialback/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d"}, {"name": "RHSA-2012:1539", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1539.html"}, {"name": "[jabberd2] 20120821 Fwd: [Security] Vulnerability in XMPP Server Dialback Implementations", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html"}, {"name": "50859", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50859"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:05:12.865Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2012:1538", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1538.html"}, {"name": "[oss-security] 20120822 CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/5"}, {"name": "[oss-security] 20120822 Re: CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/6"}, {"name": "55167", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/55167"}, {"name": "50124", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50124"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"}, {"name": "APPLE-SA-2013-03-14-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://xmpp.org/resources/security-notices/server-dialback/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d"}, {"name": "RHSA-2012:1539", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1539.html"}, {"name": "[jabberd2] 20120821 Fwd: [Security] Vulnerability in XMPP Server Dialback Implementations", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html"}, {"name": "50859", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50859"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3525", "datePublished": "2012-08-25T16:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:05:12.865Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jabber2:jabberd2:2.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "24C9A9BA-FC37-4FED-B03B-02FD87DF4B51", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AA058DB-6786-489E-B560-1AE154607AAC", "versionEndIncluding": "2.2.16", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "38A57C87-1E18-4DEC-864F-BFECA74FB8D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8B3405FB-CEBD-4E9B-809C-CC436DB491CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7C16361-0A6A-46F1-9154-0EBAEF9424DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "DB738B5C-F549-4171-93F8-821F06D09B6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "136B0689-05C4-47AF-BCFC-5BAAD62DD2A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BA729702-72F3-4BB4-8647-8938DDCA65B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E32A9A5F-7669-4EC1-804E-8FDAD5FD3FAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "713D733B-C056-4A87-A0F3-669BD2B97EA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "5B695154-C52C-4A26-AB56-B9D301268BB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "33D8A7D9-1565-4CA2-832B-3B5A800E7185", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "64DA6F74-7F66-4C47-A05A-1F1143FEBF24", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "9A7B360C-9222-4862-A1A3-D939D8E5B906", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "BCC4B150-E318-430D-AB53-7FC4235534E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "2E0A1409-AA29-4393-AF76-38D2F6621BDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "B389FE79-E88D-4BD3-A3DB-5015FF9E78C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "12B9B5DE-912B-4D76-A428-2A614918C1B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "ACCAEDE2-B0C2-48CB-B0C3-594A6569B904", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "C1B73387-35EC-440C-8B93-879BD66E39F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "47426695-4686-4736-B27E-6800ACB43CF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "6F846FB8-DCDA-4A24-9DD7-2F9C9AC3833F", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "8C9B9D48-5848-4313-9EDF-FDE562875EDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "AB5C31E5-2441-4C53-9E10-3AB33FCF11A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "703383CD-DF8D-4DA1-B322-8DE9E847A8CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.1.24:*:*:*:*:*:*:*", "matchCriteriaId": "B8A9F0E1-0A41-4C98-8467-0578D98AD0BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "769A2F0A-816C-458A-B579-CE8BB8FF5A12", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0BD3313-4CF5-44EE-91EC-D6F0C23D0342", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D3E1C3C-FB3B-4941-A879-0F351959EB8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "98EE2C3A-67C4-45D5-80EE-3819F5AB1133", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "DB4C94F7-4093-46B5-9B2E-9F3B2BD462DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "2D9B7918-C678-4CE8-97B1-52AF3E17A356", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "10D9719B-B6AE-4AA1-9767-FD85DE12782B", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "5C64CA72-E6D6-4981-AA23-447EA7FAFD7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "57CE98F9-FA6B-49D0-8410-BCD188E2F64C", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "64A5D6D9-D045-4A0A-BBAB-21F2C228BC2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "595AFA35-92B5-4957-A2AA-DF9E09990438", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "45836D34-A47C-49F6-9A1A-3F8160611058", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "89ED36F8-4D8C-406E-BE8A-F8C374227F8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "28D0CB97-3F6A-4CD6-A9A4-2F6743E13F35", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "9923E4E2-ADB1-4729-97AE-C4EA19D5E6C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "69E01C9E-5B90-4044-B002-87A741CA6AA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:jabberd2:jabberd2:2.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "9042F295-2C75-4260-9A3F-A7A225B36EB1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response."}, {"lang": "es", "value": "s2s/out.c en jabberd2 v2.2.16 y anteriores no comprueba que se presente una solicitud para una respuesta XMPP Server Dialback, lo que permite a servidores remotos de XMPP falsificar dominios a trav\u00e9s (1) Verify Response o (2) Authorization Response."}], "id": "CVE-2012-3525", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-25T16:55:00.837", "references": [{"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1538.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1539.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50124"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50859"}, {"source": "secalert@redhat.com", "url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/08/22/5"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/08/22/6"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55167"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://xmpp.org/resources/security-notices/server-dialback/"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1538.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1539.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50124"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50859"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/08/22/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/08/22/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55167"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://xmpp.org/resources/security-notices/server-dialback/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2012:1539", "cpe": "cpe:/a:redhat:network_proxy:5.5::el5", "package": "jabberd-0:2.2.8-20.el5sat", "product_name": "Red Hat Network Proxy v 5.5", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1538", "cpe": "cpe:/a:redhat:network_satellite:5.5::el5", "package": "jabberd-0:2.2.8-20.el5sat", "product_name": "Red Hat Network Satellite Server v 5.5", "release_date": "2012-12-04T00:00:00Z"}], "bugzilla": {"description": "jabberd: Prone to unsolicited XMPP Dialback attacks", "id": "850872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response."], "name": "CVE-2012-3525", "package_state": [{"cpe": "cpe:/a:redhat:network_satellite:5.4", "fix_state": "Affected", "package_name": "jabberd", "product_name": "Red Hat Satellite 5.4"}, {"cpe": "cpe:/a:redhat:network_proxy:5.4", "fix_state": "Affected", "package_name": "jabberd", "product_name": "Red Hat Satellite Proxy 5.4"}], "public_date": "2012-08-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-3525\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-3525"], "statement": "The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}

{}