CVE-2014-0363

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-0363
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released Vendor Advisory
http://issues.igniterealtime.org/browse/SMACK-410 Issue Tracking Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1176.html Third Party Advisory
http://secunia.com/advisories/59290 Third Party Advisory
http://secunia.com/advisories/59291 Third Party Advisory
http://www.kb.cert.org/vuls/id/489228 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/67119 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:igniterealtime:smack:*:*:*:*:*:*:*:*
History

23 Feb 2021, 16:12

Type Values Removed Values Added
CWE CWE-254 CWE-295
CPE cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-02-23:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-03-16:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-03-12:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-03-11:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-03-18:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-03-26:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-03-21:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-03-13:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-04-06:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-03-10:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-04-13:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-04-09:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-03-29:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-02-16:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:*:snapshot-2014-04-15:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-02-19:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-03-02:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-02-21:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-02-18:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:*:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-02-20:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-03-25:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:smack:4.0.0:snapshot-2014-03-03:*:*:*:*:*:*		 cpe:2.3:a:igniterealtime:smack:*:*:*:*:*:*:*:*
References (CONFIRM) http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released - (CONFIRM) http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released - Vendor Advisory
References (BID) http://www.securityfocus.com/bid/67119 - (BID) http://www.securityfocus.com/bid/67119 - Third Party Advisory, VDB Entry
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1176.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1176.html - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/59290 - (SECUNIA) http://secunia.com/advisories/59290 - Third Party Advisory
References (CONFIRM) http://issues.igniterealtime.org/browse/SMACK-410 - (CONFIRM) http://issues.igniterealtime.org/browse/SMACK-410 - Issue Tracking, Vendor Advisory
References (SECUNIA) http://secunia.com/advisories/59291 - (SECUNIA) http://secunia.com/advisories/59291 - Third Party Advisory
References (CERT-VN) http://www.kb.cert.org/vuls/id/489228 - US Government Resource (CERT-VN) http://www.kb.cert.org/vuls/id/489228 - Third Party Advisory, US Government Resource
Information

Published : 2014-04-30 10:49

Updated : 2023-12-10 11:31

NVD link : CVE-2014-0363

Mitre link : CVE-2014-0363

CVE.ORG link : CVE-2014-0363

JSON object : View

Products Affected

igniterealtime

  • smack
CWE
CWE-295

Improper Certificate Validation