Skip to main content

Ejabberd

2 CVEs product

Monthly

CVE-2014-8760 MEDIUM PATCH This Month

ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ejabberd
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-6169 MEDIUM This Month

The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ejabberd
NVD
CVSS 2.0
4.3
EPSS
0.4%
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ejabberd
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ejabberd
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy