CVE-2012-3525
EPSS 2.9%
Description
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
How to fix CVE-2012-3525
To remediate CVE-2012-3525, upgrade the affected package to a fixed version below.
- Debian/jabberd2—upgrade to 2.2.17-1 or later
Is CVE-2012-3525 being exploited?
Low — EPSS is 2.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.2.17-1