6 matches found
Mageia: Security Advisory (MGASA-2014-0417)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 881-1] ejabberd security update
Package : ejabberd Version : 2.1.10-4+deb7u2 CVE ID : CVE-2014-8760 Debian Bug : 767521 767535 It was found that ejabberd does not enforce the starttlsrequired setting when compression is used, which causes clients to establish connections without encryption. For Debian 7 "Wheezy", this problem h...
Mandriva Linux Security Advisory : ejabberd (MDVSA-2015:175)
Updated ejabberd packages fix security vulnerability : A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttlsrequired is set CVE-2014-8760. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...
Mandriva Linux Security Advisory : ejabberd (MDVSA-2014:207)
Updated ejabberd packages fix security vulnerability : A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttlsrequired is set CVE-2014-8760. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...
DEBIAN-CVE-2014-8760
ejabberd before 2.1.13 does not enforce the starttlsrequired setting when compression is used, which causes clients to establish connections without encryption...
CVE-2014-8760
CVE-2014-8760 affects ejabberd prior to 2.1.13, where the starttls_required setting is not enforced when compression is used, allowing connections to be established without encryption. Public disclosures/ advisories (Debian DLA-881-1, Mandriva MDVSA entries, Mageia advisory) document the issue an...