Vulnerability in Igniterealtime Smack_api
CVE-2014-5075
The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 ce…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.002 (46.7th percentile) — read the EPSS interpretation.
Affected products
- Igniterealtime Smack_api
- Redhat Jboss_fuse
- N/a — versions n/a
Weakness classification (CWE)
References
- 59915 (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (x_refsource_CONFIRM)
- RHSA-2015:1176 (x_refsource_REDHAT, vendor-advisory)
- 69064 (vdb-entry, x_refsource_BID)