Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ignite Realtime Smack XMPP API ServerTrustManager组件信息泄露漏洞
Vulnerability Description
Ignite Realtime Smack XMPP API是IgniteRealtime社区的一个开源的XMPP(前称Jabber,即时通讯软件)客户端库。 Ignite Realtime Smack XMPP API 4.0.0:snapshot-2014-04-15及之前版本的ServerTrustManager组件存在安全漏洞,该漏洞源于程序没有验证SSL服务器端的X.509证书链中的basicConstraints和nameConstraints扩展。攻击者可借助特制的证书链利用该漏洞实施中间人
CVSS Information
N/A
Vulnerability Type
N/A