Unrated severityNVD Advisory· Published Aug 25, 2012· Updated Apr 29, 2026
CVE-2012-3525
CVE-2012-3525
Description
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
Affected products
43cpe:2.3:a:jabber2:jabberd2:2.1.19:*:*:*:*:*:*:*+ 42 more
- cpe:2.3:a:jabber2:jabberd2:2.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:*:*:*:*:*:*:*:*range: <=2.2.16
- cpe:2.3:a:jabberd2:jabberd2:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.22:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.23:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.24:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:jabberd2:jabberd2:2.2.9:*:*:*:*:*:*:*
Patches
1aabcffae560dhttps://github.com/Jabberd2/jabberd2via nvd-ref
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
12- github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4dnvdExploitPatch
- secunia.com/advisories/50124nvdVendor Advisory
- xmpp.org/resources/security-notices/server-dialback/nvdVendor Advisory
- lists.apple.com/archives/security-announce/2013/Mar/msg00002.htmlnvd
- rhn.redhat.com/errata/RHSA-2012-1538.htmlnvd
- rhn.redhat.com/errata/RHSA-2012-1539.htmlnvd
- secunia.com/advisories/50859nvd
- www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.htmlnvd
- www.openwall.com/lists/oss-security/2012/08/22/5nvd
- www.openwall.com/lists/oss-security/2012/08/22/6nvd
- www.securityfocus.com/bid/55167nvd
- bugzilla.redhat.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.