 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| CVE Kennung: | CVE-2009-3026 |
| Beschreibung: | protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions. |
| Test Kennungen: | Nicht verfügbar |
| Querverweise: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-3026 BugTraq ID: 36368 http://www.securityfocus.com/bid/36368 http://www.openwall.com/lists/oss-security/2009/08/24/2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757 http://secunia.com/advisories/37071 XForce ISS Database: pidgin-libpurple-weak-security(53000) https://exchange.xforce.ibmcloud.com/vulnerabilities/53000 |