CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-10027

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.9%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 4.3

References

Products affected by CVE-2016-10027

Igniterealtime » Smack » Version: 2.2.0

cpe:2.3:a:igniterealtime:smack:2.2.0
Igniterealtime » Smack » Version: 2.2.1

cpe:2.3:a:igniterealtime:smack:2.2.1
Igniterealtime » Smack » Version: 3.0.0

cpe:2.3:a:igniterealtime:smack:3.0.0
Igniterealtime » Smack » Version: 3.0.1

cpe:2.3:a:igniterealtime:smack:3.0.1
Igniterealtime » Smack » Version: 3.0.2

cpe:2.3:a:igniterealtime:smack:3.0.2
Igniterealtime » Smack » Version: 3.0.3

cpe:2.3:a:igniterealtime:smack:3.0.3
Igniterealtime » Smack » Version: 3.1.0

cpe:2.3:a:igniterealtime:smack:3.1.0
Igniterealtime » Smack » Version: 3.2.0

cpe:2.3:a:igniterealtime:smack:3.2.0
Igniterealtime » Smack » Version: 3.2.1

cpe:2.3:a:igniterealtime:smack:3.2.1
Igniterealtime » Smack » Version: 3.2.2

cpe:2.3:a:igniterealtime:smack:3.2.2
Igniterealtime » Smack » Version: 3.3.0

cpe:2.3:a:igniterealtime:smack:3.3.0
Igniterealtime » Smack » Version: 3.3.1

cpe:2.3:a:igniterealtime:smack:3.3.1
Igniterealtime » Smack » Version: 3.4.0

cpe:2.3:a:igniterealtime:smack:3.4.0
Igniterealtime » Smack » Version: 3.4.1

cpe:2.3:a:igniterealtime:smack:3.4.1
Igniterealtime » Smack » Version: 4.0.0

cpe:2.3:a:igniterealtime:smack:4.0.0
Igniterealtime » Smack » Version: 4.0.1

cpe:2.3:a:igniterealtime:smack:4.0.1
Igniterealtime » Smack » Version: 4.0.2

cpe:2.3:a:igniterealtime:smack:4.0.2
Igniterealtime » Smack » Version: 4.0.3

cpe:2.3:a:igniterealtime:smack:4.0.3
Igniterealtime » Smack » Version: 4.0.4

cpe:2.3:a:igniterealtime:smack:4.0.4
Igniterealtime » Smack » Version: 4.0.5

cpe:2.3:a:igniterealtime:smack:4.0.5
Igniterealtime » Smack » Version: 4.0.6

cpe:2.3:a:igniterealtime:smack:4.0.6
Igniterealtime » Smack » Version: 4.0.7

cpe:2.3:a:igniterealtime:smack:4.0.7
Igniterealtime » Smack » Version: 4.1.0

cpe:2.3:a:igniterealtime:smack:4.1.0
Igniterealtime » Smack » Version: 4.1.1

cpe:2.3:a:igniterealtime:smack:4.1.1
Igniterealtime » Smack » Version: 4.1.2

cpe:2.3:a:igniterealtime:smack:4.1.2
Igniterealtime » Smack » Version: 4.1.3

cpe:2.3:a:igniterealtime:smack:4.1.3
Igniterealtime » Smack » Version: 4.1.4

cpe:2.3:a:igniterealtime:smack:4.1.4
Igniterealtime » Smack » Version: 4.1.5

cpe:2.3:a:igniterealtime:smack:4.1.5
Igniterealtime » Smack » Version: 4.1.6

cpe:2.3:a:igniterealtime:smack:4.1.6
Igniterealtime » Smack » Version: 4.1.7

cpe:2.3:a:igniterealtime:smack:4.1.7
Igniterealtime » Smack » Version: 4.1.8

cpe:2.3:a:igniterealtime:smack:4.1.8
Fedoraproject » Fedora » Version: 25

cpe:2.3:o:fedoraproject:fedora:25

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-10027

Products

Pricing

Contact Us