Lucene search
PRIOn knowledge basePRION:CVE-2014-5075HistoryOct 25, 2014 - 9:55 p.m.
Design/Logic Flaw
2014-10-2521:55:00
PRIOn knowledge base
www.prio-n.com
8
The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| CPE | Name | Operator | Version |
|---|---|---|---|
| smack_api | le | 4.0.1 | |
| jboss_fuse | le | 6.1.0 |
Related
nvd
nvd
CVE-2014-5075
2014-10-25 21:55:04
cve
cve
CVE-2014-5075
2014-10-25 21:55:04
nessus
nessus
Fedora 20 : smack-3.2.2-5.fc20 (2014-9694)
2014-09-03 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: smack-3.2.2-5.fc20
2014-09-02 06:45:39
[SECURITY] Fedora 20 Update: smack-3.2.2-6.fc20
2014-12-15 04:29:51
securityvulns
securityvulns
Snack insufficient certificate check
2014-08-11 00:00:00
CVE-2014-5075 MitM Vulnerability in the Smack XMPP Library for Java
2014-08-11 00:00:00
openvas
openvas
Fedora Update for smack FEDORA-2014-9694
2014-09-03 00:00:00
Mageia: Security Advisory (MGASA-2014-0548)
2022-01-28 00:00:00
Fedora Update for smack FEDORA-2014-16383
2014-12-15 00:00:00
cvelist
cvelist
CVE-2014-5075
2014-10-25 21:00:00
mageia
mageia
Updated smack packages fix security vulnerabilities
2014-12-26 20:04:58
redhat
redhat
(RHSA-2015:1176) Important: Red Hat JBoss Fuse 6.2.0 update
2015-06-23 16:46:09