ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.
Max CVSS
5.0
EPSS Score
0.28%
Published
2014-10-25
Updated
2015-09-10
expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Max CVSS
5.0
EPSS Score
6.13%
Published
2011-06-21
Updated
2017-08-17
ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload.
Max CVSS
5.0
EPSS Score
8.30%
Published
2010-02-03
Updated
2017-08-17
Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.55%
Published
2007-02-13
Updated
2017-07-29
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!