ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.
Max CVSS
5.0
EPSS Score
0.28%
Published
2014-10-25
Updated
2015-09-10
The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.
Max CVSS
4.3
EPSS Score
0.14%
Published
2013-10-17
Updated
2013-10-18
The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.
Max CVSS
4.0
EPSS Score
0.58%
Published
2012-02-18
Updated
2012-02-29
expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Max CVSS
5.0
EPSS Score
6.13%
Published
2011-06-21
Updated
2017-08-17
ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload.
Max CVSS
5.0
EPSS Score
8.30%
Published
2010-02-03
Updated
2017-08-17
Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.
Max CVSS
4.3
EPSS Score
0.32%
Published
2009-03-18
Updated
2017-08-17
Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.55%
Published
2007-02-13
Updated
2017-07-29
A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer.
Max CVSS
2.1
EPSS Score
0.06%
Published
2006-05-05
Updated
2018-10-18
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!