CVE-2014-0364

N/A Unknown

Published: April 30, 2014 Modified: May 06, 2026

Description

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released

Source: cret@cert.org

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-1176.html

Source: cret@cert.org

Third Party Advisory

http://secunia.com/advisories/59290

Source: cret@cert.org

Third Party Advisory

http://secunia.com/advisories/59291

Source: cret@cert.org

Third Party Advisory

http://www.kb.cert.org/vuls/id/489228

Source: cret@cert.org

Third Party Advisory US Government Resource

http://www.securityfocus.com/bid/67124

Source: cret@cert.org

Third Party Advisory VDB Entry

http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released