CVE-2014-8760 - CERT CVE
ID CVE-2014-8760
Sažetak ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.
Reference
CVSS
Base: 5.0
Impact: 2.9
Exploitability:10.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL NONE NONE
CVSS vektor AV:N/AC:L/Au:N/C:P/I:N/A:N
Zadnje važnije ažuriranje 10-09-2015 - 15:56
Objavljeno 25-10-2014 - 00:55