CVE-2014-8760

EPSS 0.26%

ejabberd - security update

發布日:2014/10/25修改日:2026/4/28

也稱為:DEBIAN-CVE-2014-8760

描述

ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.

受影響套件(2)

Debian/ejabberdfrom 0, < 14.07-3
Debian/ejabberdfrom 0, < 2.1.10-4+deb7u2

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-8760