CVE-2012-4670

Tigase XMPP Server < 5.1.0 - Domain Spoofing via Unverified Server Dialback Response

Title source: llm
STIX 2.1

Description

Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77985

Scores

EPSS 0.0131
EPSS Percentile 67.2%

Details

CWE
CWE-20
Status published
Products (1)
tigase/tigase_xmpp_server < 5.1.0
Published Aug 25, 2012
Tracked Since Feb 18, 2026