Loading
Generated remediation guidance and an executive summary. No account required.
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.
Use CWE-295, Igniterealtime vendor hub and Smack product page to widen CVE-2014-0363 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2016-10027 and CVE-2014-0364 for nearby disclosures in the same product family.