Lucene search

MitreCVE-2014-3451

HistoryAug 18, 2017 - 6:29 p.m.

CVE-2014-3451

2017-08-1818:29:00

CWE-295

mitre

web.nvd.nist.gov

openfire

xmpp

server

spoofing

attack

cve-2014-3451

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.005

Percentile

75.7%

JSON

OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks.

Affected configurations

Nvd

Node

igniterealtimeopenfireRange≤3.9.3

VendorProductVersionCPE
igniterealtimeopenfire*cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
igniterealtime	openfire	*	cpe:2.3:a:igniterealtime:openfire::::::::

References

packetstormsecurity.com/files/131614/OpenFire-XMPP-3.9.3-Certificate-Handling.html

www.openwall.com/lists/oss-security/2015/04/23/16

www.securityfocus.com/archive/1/535363/100/1100/threaded

www.securityfocus.com/bid/74305

community.igniterealtime.org/blogs/ignite/2015/04/22/openfire-3100-released

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.005

Percentile

75.7%

JSON

Related for CVE-2014-3451