Vulnerability Description
The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Otr | Gajim-Otr | - |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2016/10/30/11Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/10/30/2Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/94099Third Party AdvisoryVDB Entry
- https://dev.gajim.org/gajim/gajim-plugins/issues/145Issue TrackingPatch
- https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321aPermissions Required
- http://www.openwall.com/lists/oss-security/2016/10/30/11Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/10/30/2Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/94099Third Party AdvisoryVDB Entry
- https://dev.gajim.org/gajim/gajim-plugins/issues/145Issue TrackingPatch
- https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321aPermissions Required
FAQ
What is CVE-2016-9107?
CVE-2016-9107 is a vulnerability with a CVSS score of 7.5 (HIGH). The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors.
How severe is CVE-2016-9107?
CVE-2016-9107 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9107?
Check the references section above for vendor advisories and patch information. Affected products include: Otr Gajim-Otr.