CVE-2014-0364

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:igniterealtime:smack:*:*:*:*:*:*:*:*

Information

Published : 2014-04-30 03:49

Updated : 2021-02-23 08:13


NVD link : CVE-2014-0364

Mitre link : CVE-2014-0364


JSON object : View

CWE
CWE-345

Insufficient Verification of Data Authenticity

Advertisement

dedicated server usa

Products Affected

igniterealtime

  • smack