3 results (0.002 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption. ejabberd anterior a 2.1.13 no fuerza la configuración starttls_required cuando se utiliza la compresión, lo que causa que clientes establezcan conexiones sin codificación. • http://advisories.mageia.org/MGASA-2014-0417.html http://mail.jabber.org/pipermail/operators/2014-October/002438.html http://seclists.org/oss-sec/2014/q4/312 http://www.mandriva.com/security/advisories?name=MDVSA-2014:207 http://www.mandriva.com/security/advisories?name=MDVSA-2015:175 http://www.securityfocus.com/bid/70415 https://bugzilla.redhat.com/show_bug.cgi?id=1153839 https://github.com/processone/ejabberd/commit/7bdc1151b • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0

The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack. El controlador TLS en ejabberd anterior a 2.1.12 soporta (1) SSLv2 y (2) cifradores SSL débiles, lo que hace más fácil para atacantes remotos obtener información sensible a través de un ataque de fuerza bruta. • http://www.debian.org/security/2013/dsa-2775 https://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.12 • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 6%CPEs: 34EXPL: 0

expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. expat_erl.c en ejabberd v2.1.7 y v3.x antes de v3.0.0-alpha-3, y exmpp antes de v0.9.7, no detecta correctamente la recursividad durante la expansión de la entidad, lo que permite a atacantes remotos provocar una denegación de servicio ( la memoria y el consumo de CPU ) a través de un documento XML manipulado que contiene un gran número de referencias a entidades anidadas, un problema similar a CVE-2003-1564. • http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062099.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062145.html http://secunia.com/advisories/44765 http://secunia.com/advisories/44807 http://secunia.com/advisories/45120 http://www.debian.org/security/2011/dsa-2248 http://www.ejabberd.im/ejabberd-2.1.7 http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.7 http://www.securityfocus.com/bid/48072 https:/&#x • CWE-399: Resource Management Errors •