VDB

GCVE-VVD-MAGEIA-2014-548

GCVE-VVD-MAGEIA-2014-548
Advisory Published
Vulnetix · Advisory published December 26, 2014
Updated smack packages fix security vulnerabilities: The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain (CVE-2014-0363). The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate (CVE-2014-5075).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiasmack0 (affected), 3.2.2-4.1.mga4 (unaffected)

References

Updated smack packages fix security vulnerabilities
advisory
Updated smack packages fix security vulnerabilities
issue
Updated smack packages fix security vulnerabilities
issue
Updated smack packages fix security vulnerabilities
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›