Description
ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.
References
- Vendor Advisory
- Patch
- Patch
- Vendor Advisory
- Patch
- Patch
Vulnerable configurations
Configuration 1: versions up to 2.1.12 (inclusive)
cpe:2.3:a:process-one:ejabberd:*:*:*:*:*:*:*:*
EPSS
Percentile: 50%
0.00264
Low
5 Medium
CVSS2
Weaknesses
CWE-310
Related vulnerabilities
ubuntu
more than 11 years ago
ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.
debian
more than 11 years ago
ejabberd before 2.1.13 does not enforce the starttls_required setting ...
github
more than 3 years ago
ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.