Vulnerability Description
JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jabberd2 | Jabberd2 | <= 2.6.0 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2017/dsa-3902
- http://www.securityfocus.com/bid/99511 (Third Party Advisory, VDB Entry)
- https://bugs.debian.org/867032 (Third Party Advisory)
- https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c (Third Party Advisory)
- https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1 (Third Party Advisory)
FAQ
What is CVE-2017-10807?
CVE-2017-10807 is a vulnerability with a CVSS score of 9.8 (CRITICAL). JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
How severe is CVE-2017-10807?
CVE-2017-10807 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-10807?
Check the references section above for vendor advisories and patch information. The affected product is Jabberd2 (vendor: Jabberd2).