VYPR

Jabberd2

by Jabberstudio

Source repositories

CVEs (6)

  • CVE-2017-10807CriJul 4, 2017
    risk 0.64cvss 9.8epss 0.03

    JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.

  • CVE-2017-18225HigMar 12, 2018
    risk 0.51cvss 7.8epss 0.00

    The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for…

  • CVE-2011-1755HigJun 21, 2011
    risk 0.49cvss 7.5epss 0.04

    jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to…

  • CVE-2017-18226MedMar 12, 2018
    risk 0.36cvss 5.5epss 0.00

    The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat…

  • CVE-2015-2058Aug 12, 2015
    risk 0.00cvss epss 0.02

    c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID.

  • CVE-2012-3525Aug 25, 2012
    risk 0.00cvss epss 0.02

    s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.