Vulnerability Details CVE-2017-10807
JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.debian.org/security/2017/dsa-3902
- http://www.securityfocus.com/bid/99511
- https://bugs.debian.org/867032
- https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16
- https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1
- http://www.debian.org/security/2017/dsa-3902
- http://www.securityfocus.com/bid/99511
- https://bugs.debian.org/867032
- https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16
- https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1
Products affected by CVE-2017-10807
-
cpe:2.3:a:jabberd2:jabberd2:2.1
-
cpe:2.3:a:jabberd2:jabberd2:2.1.1
-
cpe:2.3:a:jabberd2:jabberd2:2.1.10
-
cpe:2.3:a:jabberd2:jabberd2:2.1.11
-
cpe:2.3:a:jabberd2:jabberd2:2.1.12
-
cpe:2.3:a:jabberd2:jabberd2:2.1.13
-
cpe:2.3:a:jabberd2:jabberd2:2.1.14
-
cpe:2.3:a:jabberd2:jabberd2:2.1.15
-
cpe:2.3:a:jabberd2:jabberd2:2.1.16
-
cpe:2.3:a:jabberd2:jabberd2:2.1.17
-
cpe:2.3:a:jabberd2:jabberd2:2.1.18
-
cpe:2.3:a:jabberd2:jabberd2:2.1.2
-
cpe:2.3:a:jabberd2:jabberd2:2.1.20
-
cpe:2.3:a:jabberd2:jabberd2:2.1.21
-
cpe:2.3:a:jabberd2:jabberd2:2.1.22
-
cpe:2.3:a:jabberd2:jabberd2:2.1.23
-
cpe:2.3:a:jabberd2:jabberd2:2.1.24
-
cpe:2.3:a:jabberd2:jabberd2:2.1.24.1
-
cpe:2.3:a:jabberd2:jabberd2:2.1.3
-
cpe:2.3:a:jabberd2:jabberd2:2.1.4
-
cpe:2.3:a:jabberd2:jabberd2:2.1.5
-
cpe:2.3:a:jabberd2:jabberd2:2.1.6
-
cpe:2.3:a:jabberd2:jabberd2:2.1.7
-
cpe:2.3:a:jabberd2:jabberd2:2.1.8
-
cpe:2.3:a:jabberd2:jabberd2:2.1.9
-
cpe:2.3:a:jabberd2:jabberd2:2.2.0
-
cpe:2.3:a:jabberd2:jabberd2:2.2.1
-
cpe:2.3:a:jabberd2:jabberd2:2.2.10
-
cpe:2.3:a:jabberd2:jabberd2:2.2.11
-
cpe:2.3:a:jabberd2:jabberd2:2.2.12
-
cpe:2.3:a:jabberd2:jabberd2:2.2.13
-
cpe:2.3:a:jabberd2:jabberd2:2.2.14
-
cpe:2.3:a:jabberd2:jabberd2:2.2.15
-
cpe:2.3:a:jabberd2:jabberd2:2.2.16
-
cpe:2.3:a:jabberd2:jabberd2:2.2.17
-
cpe:2.3:a:jabberd2:jabberd2:2.2.2
-
cpe:2.3:a:jabberd2:jabberd2:2.2.3
-
cpe:2.3:a:jabberd2:jabberd2:2.2.4
-
cpe:2.3:a:jabberd2:jabberd2:2.2.5
-
cpe:2.3:a:jabberd2:jabberd2:2.2.6
-
cpe:2.3:a:jabberd2:jabberd2:2.2.7
-
cpe:2.3:a:jabberd2:jabberd2:2.2.7.1
-
cpe:2.3:a:jabberd2:jabberd2:2.2.8
-
cpe:2.3:a:jabberd2:jabberd2:2.2.8.90
-
cpe:2.3:a:jabberd2:jabberd2:2.2.8.91
-
cpe:2.3:a:jabberd2:jabberd2:2.2.9
-
cpe:2.3:a:jabberd2:jabberd2:2.3.0
-
cpe:2.3:a:jabberd2:jabberd2:2.3.1
-
cpe:2.3:a:jabberd2:jabberd2:2.3.3
-
cpe:2.3:a:jabberd2:jabberd2:2.3.4
-
cpe:2.3:a:jabberd2:jabberd2:2.3.5
-
cpe:2.3:a:jabberd2:jabberd2:2.3.6
-
cpe:2.3:a:jabberd2:jabberd2:2.4.0
-
cpe:2.3:a:jabberd2:jabberd2:2.5.0
-
cpe:2.3:a:jabberd2:jabberd2:2.6.0