Difference between revisions of "IQ Reply Spoofing"

← Older edit

IQ Reply Spoofing (view source)

Revision as of 13:28, 30 December 2014

31 bytes added , 13:28, 30 December 2014

→‎Information

Flow

165

edits

@@ Line 1: / Line 1: @@
 == Information ==
+=== The Situation ===
 Most XMPP stacks provide a convenience method to send an IQ request that returns the IQ response (or e.g. throws an exception on timeout). To collect the response the incoming IQ stanzas are matched against a filter. Unfortunately the filter often looks like
@@ Line 24: / Line 26: @@
 If 'to' is the sending entity's bare JID, the it must also match stanzas where 'to' is not set.
+=== Links with more information ===
-More information can be found at:
+* http://tools.ietf.org/html/draft-alkemade-xmpp-iq-validation-00
+* http://www.ietf.org/proceedings/89/slides/slides-89-xmpp-3.pdf
-http://tools.ietf.org/html/draft-alkemade-xmpp-iq-validation-00
+* http://mailman.jabber.org/pipermail/jdev/2014-March/089892.html
-http://www.ietf.org/proceedings/89/slides/slides-89-xmpp-3.pdf
-http://mailman.jabber.org/pipermail/jdev/2014-March/089892.html
 == Software Components ==
@@ Line 45: / Line 44: @@
 * '''Smack''', fixed with 4.0 ([https://igniterealtime.org/issues/browse/SMACK-533 SMACK-533], [https://igniterealtime.org/issues/browse/SMACK-538 SMACK-538], [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0364 CVE-2014-0364])
-* '''libpurple/Pidgin, fixed with https://pidgin.im/pipermail/commits/2014-January/024231.html
+* '''libpurple/Pidgin''', fixed with https://pidgin.im/pipermail/commits/2014-January/024231.html
 * '''Go XMPP''' https://github.com/agl/xmpp/issues/13
 * '''SleekXMPP''' https://github.com/fritzy/SleekXMPP/issues/278
 * '''XMPPFramework''' https://github.com/robbiehanson/XMPPFramework/issues/300

Difference between revisions of "IQ Reply Spoofing"

IQ Reply Spoofing (view source)

Revision as of 13:28, 30 December 2014

Navigation menu

Search