Vulnerability Description
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for jappix 1.0.0 to 1.1.6.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jappix Project | Jappix | 1.0.0 |
Related Weaknesses (CWE)
References
- http://openwall.com/lists/oss-security/2017/02/09/29ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/96176
- https://github.com/jappix/jappix/commit/ea6de7c65b80880bdf85df47c1a8a5d3d68491afPatch
- https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/ExploitTechnical DescriptionThird Party Advisory
- https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdExploitTechnical DescriptionThird Party Advisory
- http://openwall.com/lists/oss-security/2017/02/09/29ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/96176
- https://github.com/jappix/jappix/commit/ea6de7c65b80880bdf85df47c1a8a5d3d68491afPatch
- https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/ExploitTechnical DescriptionThird Party Advisory
- https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdExploitTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2017-5602?
CVE-2017-5602 is a vulnerability with a CVSS score of 5.9 (MEDIUM). An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This ...
How severe is CVE-2017-5602?
CVE-2017-5602 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5602?
Check the references section above for vendor advisories and patch information. Affected products include: Jappix Project Jappix.