) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:process-one:ejabberd:2.1.3:*:*:*:*:*:*:*
- CPE Name Search: true
There are 3 matching records.
Displaying matches 1 through 3.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2014-8760 |
ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption. Published: October 24, 2014; 8:55:05 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2013-6169 |
The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack. Published: October 17, 2013; 7:55:04 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2011-1753 |
expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. Published: June 20, 2011; 10:52:42 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |