CVE-2014-8760

EPSS 0.26%

ejabberd - security update

Published: 10/25/2014Modified: 4/28/2026

Description

ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.

Affected packages (2)

Debian/ejabberdfrom 0, < 14.07-3
Debian/ejabberdfrom 0, < 2.1.10-4+deb7u2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-8760