Details of VAR-201208-0302

ID

VAR-201208-0302

CVE

CVE-2012-4672

TITLE

Apple iChat Server Vulnerable to domain impersonation

Trust: 0.8

sources: JVNDB: JVNDB-2012-003890

DESCRIPTION

Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Apple iChat is a video chat tool bundled with Apple's family of operating systems

Trust: 1.98

sources: NVD: CVE-2012-4672 // JVNDB: JVNDB-2012-003890 // BID: 55294 // VULHUB: VHN-57953

AFFECTED PRODUCTS

vendor:	apple	model:	ichat server	scope:	-	version:	-	Trust: 1.4
vendor:	apple	model:	ichat server	scope:	eq	version:	*	Trust: 1.0

sources: JVNDB: JVNDB-2012-003890 // CNNVD: CNNVD-201208-484 // NVD: CVE-2012-4672

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4672
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4672
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201208-484
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57953
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4672
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57953
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57953 // JVNDB: JVNDB-2012-003890 // CNNVD: CNNVD-201208-484 // NVD: CVE-2012-4672

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-57953 // JVNDB: JVNDB-2012-003890 // NVD: CVE-2012-4672

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-484

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201208-484

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003890

PATCH

title:

Top Page

url:

http://www.apple.com

Trust: 0.8

sources: JVNDB: JVNDB-2012-003890

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4672	Trust: 2.8
db:	JVNDB	id:	JVNDB-2012-003890	Trust: 0.8
db:	CNNVD	id:	CNNVD-201208-484	Trust: 0.7
db:	NSFOCUS	id:	20531	Trust: 0.6
db:	BID	id:	55294	Trust: 0.4
db:	VULHUB	id:	VHN-57953	Trust: 0.1

sources: VULHUB: VHN-57953 // BID: 55294 // JVNDB: JVNDB-2012-003890 // CNNVD: CNNVD-201208-484 // NVD: CVE-2012-4672

REFERENCES

url:	http://xmpp.org/resources/security-notices/server-dialback/	Trust: 2.5
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/78133	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4672	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4672	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20531	Trust: 0.6
url:	http://www.apple.com/ichat/	Trust: 0.3

sources: VULHUB: VHN-57953 // BID: 55294 // JVNDB: JVNDB-2012-003890 // CNNVD: CNNVD-201208-484 // NVD: CVE-2012-4672

CREDITS

Philipp Hancke

Trust: 0.3

sources: BID: 55294

SOURCES

db:	VULHUB	id:	VHN-57953
db:	BID	id:	55294
db:	JVNDB	id:	JVNDB-2012-003890
db:	CNNVD	id:	CNNVD-201208-484
db:	NVD	id:	CVE-2012-4672

LAST UPDATE DATE

2025-04-11T23:16:40.669000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57953	date:	2017-08-29T00:00:00
db:	BID	id:	55294	date:	2012-08-30T00:00:00
db:	JVNDB	id:	JVNDB-2012-003890	date:	2012-08-28T00:00:00
db:	CNNVD	id:	CNNVD-201208-484	date:	2012-08-27T00:00:00
db:	NVD	id:	CVE-2012-4672	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57953	date:	2012-08-25T00:00:00
db:	BID	id:	55294	date:	2012-08-30T00:00:00
db:	JVNDB	id:	JVNDB-2012-003890	date:	2012-08-28T00:00:00
db:	CNNVD	id:	CNNVD-201208-484	date:	2012-08-27T00:00:00
db:	NVD	id:	CVE-2012-4672	date:	2012-08-25T16:55:01.730