Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2012-3525

s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.

  • Published: Aug 25, 2012
  • Updated: Nov 9, 2025
  • CVE: CVE-2012-3525
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

Software From Fixed in
jabberd2 / jabberd2 2.1.2 2.1.2.x
jabberd2 / jabberd2 2.1.9 2.1.9.x
jabberd2 / jabberd2 2.1.23 2.1.23.x
jabberd2 / jabberd2 2.2.7.1 2.2.7.1.x
jabberd2 / jabberd2 2.1.1 2.1.1.x
jabberd2 / jabberd2 2.1.5 2.1.5.x
jabberd2 / jabberd2 2.2.10 2.2.10.x
jabberd2 / jabberd2 2.2.0 2.2.0.x
jabberd2 / jabberd2 2.1.8 2.1.8.x
jabberd2 / jabberd2 2.2.2 2.2.2.x
jabberd2 / jabberd2 2.1.12 2.1.12.x
jabberd2 / jabberd2 2.2.8 2.2.8.x
jabberd2 / jabberd2 2.1.18 2.1.18.x
jabberd2 / jabberd2 2.1.22 2.1.22.x
jabberd2 / jabberd2 - 2.2.16.x
jabberd2 / jabberd2 2.2.7 2.2.7.x
jabberd2 / jabberd2 2.2.5 2.2.5.x
jabberd2 / jabberd2 2.2.13 2.2.13.x
jabberd2 / jabberd2 2.1.10 2.1.10.x
jabberd2 / jabberd2 2.1 2.1.x
jabberd2 / jabberd2 2.1.15 2.1.15.x
jabberd2 / jabberd2 2.2.15 2.2.15.x
jabberd2 / jabberd2 2.2.1 2.2.1.x
jabberd2 / jabberd2 2.1.11 2.1.11.x
jabberd2 / jabberd2 2.1.4 2.1.4.x
jabberd2 / jabberd2 2.1.17 2.1.17.x
jabberd2 / jabberd2 2.2.12 2.2.12.x
jabberd2 / jabberd2 2.1.7 2.1.7.x
jabberd2 / jabberd2 2.1.20 2.1.20.x
jabberd2 / jabberd2 2.2.3 2.2.3.x
jabber2 / jabberd2 2.1.19 2.1.19.x
jabberd2 / jabberd2 2.1.24 2.1.24.x
jabberd2 / jabberd2 2.1.16 2.1.16.x
jabberd2 / jabberd2 2.1.14 2.1.14.x
jabberd2 / jabberd2 2.2.6 2.2.6.x
jabberd2 / jabberd2 2.2.9 2.2.9.x
jabberd2 / jabberd2 2.1.6 2.1.6.x
jabberd2 / jabberd2 2.2.11 2.2.11.x
jabberd2 / jabberd2 2.1.3 2.1.3.x
jabberd2 / jabberd2 2.2.4 2.2.4.x
jabberd2 / jabberd2 2.1.13 2.1.13.x
jabberd2 / jabberd2 2.1.21 2.1.21.x
jabberd2 / jabberd2 2.2.14 2.2.14.x