Unrated severityNVD Advisory· Published Apr 30, 2014· Updated Jun 17, 2026
CVE-2014-0363
CVE-2014-0363
Description
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:igniterealtime:smack:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:igniterealtime:smack:*:*:*:*:*:*:*:*range: <4.0.0
- (no CPE)range: <4.0.0-rc1
Patches
Vulnerability mechanics
References
7- community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-releasednvdVendor Advisory
- issues.igniterealtime.org/browse/SMACK-410nvdIssue TrackingVendor Advisory
- rhn.redhat.com/errata/RHSA-2015-1176.htmlnvdThird Party Advisory
- secunia.com/advisories/59290nvdThird Party Advisory
- secunia.com/advisories/59291nvdThird Party Advisory
- www.kb.cert.org/vuls/id/489228nvdThird Party AdvisoryUS Government Resource
- www.securityfocus.com/bid/67119nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.