PT-2014-8715 · Processone+1 · Ejabberd+1

Weiss · Published 2014-10-23 · Updated 2016-04-11 · CVE-2014-8760

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ejabberd versions prior to 2.1.13

Description

When compression is used, ejabberd fails to enforce the starttls_required setting, which causes clients to establish connections without encryption.

Recommendations

For versions prior to 2.1.13, update to version 2.1.13 or later to resolve the issue. As a temporary workaround, consider disabling compression until a patch is available. Restrict access to unencrypted connections to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

ALT-PU-2016-1317
CVE-2014-8760
DLA-881-1
MGASA-2014-0417

Affected Products

Alt Linux
Ejabberd