Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose     as any server in the eyes of Slixmpp. (CVE-2022-45197)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-6720bd776b advisory.

    Security fix for CVE-2022-45197

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f9cfdb00-7f43-11ef-9b27-592d55dd336d advisory.

    NIST reports:
    Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream,             allowing an attacker to pose as any server in the eyes of Slixmpp.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202305-07 (slixmpp: Insufficient Certificate Validation)

  - Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose     as any server in the eyes of Slixmpp. (CVE-2022-45197)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 93db4f92-9997-4f4f-8614-3963d9e2b0ec advisory.

  - Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose     as any server in the eyes of Slixmpp. (CVE-2022-45197)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-20a2dbdd45 advisory.

    Security fix for CVE-2022-45197

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2022:10241-1 advisory.

  - Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose     as any server in the eyes of Slixmpp. (CVE-2022-45197)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2022:10242-1 advisory.

  - Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose     as any server in the eyes of Slixmpp. (CVE-2022-45197)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
225055	Linux Distros Unpatched Vulnerability : CVE-2022-45197	Nessus	Misc.	high
211124	Fedora 37 : python-slixmpp (2022-6720bd776b)	Nessus	Fedora Local Security Checks	high
207974	FreeBSD : Slixmpp -- Lack of SSL Certificate hostname validation in XMLStream (f9cfdb00-7f43-11ef-9b27-592d55dd336d)	Nessus	FreeBSD Local Security Checks	high
175039	GLSA-202305-07 : slixmpp: Insufficient Certificate Validation	Nessus	Gentoo Local Security Checks	high
174310	FreeBSD : py-slixmpp -- incomplete SSL certificate validation (93db4f92-9997-4f4f-8614-3963d9e2b0ec)	Nessus	FreeBSD Local Security Checks	high
169085	Fedora 36 : python-slixmpp (2022-20a2dbdd45)	Nessus	Fedora Local Security Checks	high
168622	openSUSE 15 Security Update : python-slixmpp (openSUSE-SU-2022:10241-1)	Nessus	SuSE Local Security Checks	high
168621	openSUSE 15 Security Update : python-slixmpp (openSUSE-SU-2022:10242-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2022-45197

high

Tenable Plugins

high

high

high

high

high

high

high

high