11 matches found
Mageia: Security Advisory (MGASA-2014-0417)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-881-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 881-1] ejabberd security update
Package : ejabberd Version : 2.1.10-4+deb7u2 CVE ID : CVE-2014-8760 Debian Bug : 767521 767535 It was found that ejabberd does not enforce the starttlsrequired setting when compression is used, which causes clients to establish connections without encryption. For Debian 7 "Wheezy", this problem h...
Mandriva Linux Security Advisory : ejabberd (MDVSA-2015:175)
Updated ejabberd packages fix security vulnerability : A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttlsrequired is set CVE-2014-8760. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...
Mandriva Linux Security Advisory : ejabberd (MDVSA-2014:207)
Updated ejabberd packages fix security vulnerability : A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttlsrequired is set CVE-2014-8760. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...
ejabberd: circumvention of encryption
It was discovered that ejabberd does not enforce the starttlsrequired setting when compression is used, which causes clients to unexpectedly establish connections without encryption...
CVE-2014-8760
ejabberd before 2.1.13 does not enforce the starttlsrequired setting when compression is used, which causes clients to establish connections without encryption...
Design/Logic Flaw
ejabberd before 2.1.13 does not enforce the starttlsrequired setting when compression is used, which causes clients to establish connections without encryption...
CVE-2014-8760
ejabberd before 2.1.13 does not enforce the starttlsrequired setting when compression is used, which causes clients to establish connections without encryption...
CVE-2014-8760
ejabberd before 2.1.13 does not enforce the starttlsrequired setting when compression is used, which causes clients to establish connections without encryption...
Updated ejabberd packages fix security vulnerability
A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttlsrequired is set CVE-2014-8760...