Mageia: Security Advisory (MGASA-2014-0417)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-881-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 881-1] ejabberd security update

Package : ejabberd Version : 2.1.10-4+deb7u2 CVE ID : CVE-2014-8760 Debian Bug : 767521 767535 It was found that ejabberd does not enforce the starttlsrequired setting when compression is used, which causes clients to establish connections without encryption. For Debian 7 "Wheezy", this problem h...

Mandriva Linux Security Advisory : ejabberd (MDVSA-2015:175)

Updated ejabberd packages fix security vulnerability : A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttlsrequired is set CVE-2014-8760. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...

ejabberd: circumvention of encryption

It was discovered that ejabberd does not enforce the starttlsrequired setting when compression is used, which causes clients to unexpectedly establish connections without encryption...

Mandriva Linux Security Advisory : ejabberd (MDVSA-2014:207)

Updated ejabberd packages fix security vulnerability : A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttlsrequired is set CVE-2014-8760. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...

CVE-2014-8760

ejabberd before 2.1.13 does not enforce the starttlsrequired setting when compression is used, which causes clients to establish connections without encryption...

Design/Logic Flaw

ejabberd before 2.1.13 does not enforce the starttlsrequired setting when compression is used, which causes clients to establish connections without encryption...

CVE-2014-8760

ejabberd before 2.1.13 does not enforce the starttlsrequired setting when compression is used, which causes clients to establish connections without encryption...

CVE-2014-8760

ejabberd before 2.1.13 does not enforce the starttlsrequired setting when compression is used, which causes clients to establish connections without encryption...

Updated ejabberd packages fix security vulnerability

A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttlsrequired is set CVE-2014-8760...