CVE-2013-6169

The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
process-oneejabberd
𝑥
≤ 2.1.12
process-oneejabberd
0.9
process-oneejabberd
0.9.1
process-oneejabberd
0.9.8
process-oneejabberd
1.0.0
process-oneejabberd
1.1.0
process-oneejabberd
1.1.1
process-oneejabberd
1.1.1.0
process-oneejabberd
1.1.1.1
process-oneejabberd
1.1.2
process-oneejabberd
1.1.3
process-oneejabberd
1.1.14
process-oneejabberd
2.0.0
process-oneejabberd
2.0.0:beta1
process-oneejabberd
2.0.0:rc1
process-oneejabberd
2.0.1_2:_2
process-oneejabberd
2.0.2
process-oneejabberd
2.0.3
process-oneejabberd
2.0.4
process-oneejabberd
2.0.5
process-oneejabberd
2.1.0
process-oneejabberd
2.1.1
process-oneejabberd
2.1.2
process-oneejabberd
2.1.3
process-oneejabberd
2.1.4
process-oneejabberd
2.1.5
process-oneejabberd
2.1.6
process-oneejabberd
2.1.7
process-oneejabberd
2.1.8
process-oneejabberd
2.1.9
process-oneejabberd
2.1.10
process-oneejabberd
2.1.11
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ejabberd
bullseye
21.01-2
fixed
bookworm
23.01-1
fixed
trixie
23.10-1
fixed
sid
24.07-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ejabberd
saucy
Fixed 2.1.10-5ubuntu1
released
raring
Fixed 2.1.10-4ubuntu0.1
released
quantal
Fixed 2.1.10-3ubuntu0.1
released
precise
Fixed 2.1.10-2ubuntu1.2
released
lucid
ignored
Common Weakness Enumeration
References
http://www.debian.org/security/2013/dsa-2775
https://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.12/
http://www.debian.org/security/2013/dsa-2775
https://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.12/