CVE-2013-6169

Published: 17/10/2013 Updated: 18/10/2013

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The TLS driver in ejabberd prior to 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote malicious users to obtain sensitive information via a brute-force attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
process-one ejabberd 2.1.0
process-one ejabberd 2.0.5
process-one ejabberd 2.0.4
process-one ejabberd 2.0.3
process-one ejabberd 0.9.8
process-one ejabberd 0.9.1
process-one ejabberd 0.9
process-one ejabberd 2.1.9
process-one ejabberd 2.1.7
process-one ejabberd 2.1.6
process-one ejabberd 2.1.5
process-one ejabberd 2.0.0
process-one ejabberd 1.1.3
process-one ejabberd 1.1.2
process-one ejabberd 1.1.14
process-one ejabberd 1.1.1.1
process-one ejabberd 2.1.11
process-one ejabberd 2.1.8
process-one ejabberd 2.1.4
process-one ejabberd 2.1.2
process-one ejabberd 2.0.1_2
process-one ejabberd 1.1.1
process-one ejabberd 1.0.0
process-one ejabberd
process-one ejabberd 2.1.10
process-one ejabberd 2.1.3
process-one ejabberd 2.1.1
process-one ejabberd 2.0.2
process-one ejabberd 1.1.1.0
process-one ejabberd 1.1.0

It was discovered that ejabberd, a Jabber/XMPP server, uses SSLv2 and weak ciphers for communication, which are considered insecure The software offers no runtime configuration options to disable these This update disables the use of SSLv2 and weak ciphers The updated package for Debian 7 (wheezy) also contains auxiliary bugfixes originally stag ...

CWE-310 https://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.12/http://www.debian.org/security/2013/dsa-2775 https://nvd.nist.gov https://www.debian.org/security/./dsa-2775

CVE-2013-6169

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect