
[ASA-201612-21] openfire: multiple issues

2016-12-23 00:00:00
security.archlinux.org

CVSS2: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.945
Percentile: 99.2%

Arch Linux Security Advisory ASA-201612-21

Severity: High
Date    : 2016-12-23
CVE-ID  : CVE-2015-6972 CVE-2015-6973 CVE-2015-7707
Package : openfire
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-15

Summary

The package openfire before version 4.1.0-1 is vulnerable to multiple
issues including privilege escalation, cross-site request forgery and
cross-site scripting.

Resolution

Upgrade to 4.1.0-1.

pacman -Syu "openfire>=4.1.0-1"

The problems have been fixed upstream in version 4.1.0.

Workaround

None.

Description

  • CVE-2015-6972 (cross-site scripting)

Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime
Openfire 3.10.2 allow remote attackers to inject arbitrary web script
or HTML via the (1) groupchatName parameter to
plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to
plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter
to server-session-details.jsp; or the (4) search parameter to
group-summary.jsp.

  • CVE-2015-6973 (cross-site request forgery)

Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite
Realtime Openfire 3.10.2 allow remote attackers to hijack the
authentication of administrators for requests that (1) change a
password via a crafted request to user-password.jsp, (2) add users via
a crafted request to user-create.jsp, (3) edit server settings or (4)
disable SSL on the server via a crafted request to server-props.jsp, or
(5) add clients via a crafted request to
plugins/clientcontrol/permitted-clients.jsp.

  • CVE-2015-7707 (privilege escalation)

Ignite Realtime Openfire 3.10.2 allows remote authenticated users to
gain administrator access via the isadmin parameter to
user-edit-form.jsp.

Impact

A remote attacker is able to escalate privileges, perform cross-site
request forgery and cross-site scripting.
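
For hosts that ran a version before 4.1.0-1, the endpoints and parameters listed under Description can be used to triage admin-console access logs. The script below is an added example, not part of the advisory or of Openfire; it assumes the console is served at the URL root and logged in combined log format, and the console host name and sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint -> parameters named in the advisory (CVE-2015-6972, CVE-2015-7707).
WATCHED_PARAMS = {
    "/plugins/clientcontrol/create-bookmark.jsp": {"groupchatName", "urlName"},
    "/server-session-details.jsp": {"hostname"},
    "/group-summary.jsp": {"search"},
    "/user-edit-form.jsp": {"isadmin"},
}
# State-changing endpoints named under CVE-2015-6973.
CSRF_ENDPOINTS = {"/user-password.jsp", "/user-create.jsp", "/server-props.jsp",
                  "/plugins/clientcontrol/permitted-clients.jsp"}
# Assumption: combined log format, e.g. from a reverse proxy in front of the console.
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')
MARKUP_RE = re.compile(r"[<>\"']")

def triage(line, console_host):
    """Return review findings for one access-log line (empty list if none)."""
    m = LINE_RE.search(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    params = parse_qs(url.query, keep_blank_values=True)  # values are percent-decoded
    findings = []
    for name in sorted(set(params) & WATCHED_PARAMS.get(url.path, set())):
        if name == "isadmin":
            findings.append(f"CVE-2015-7707: isadmin parameter on {url.path}")
        elif any(MARKUP_RE.search(v) for v in params[name]):
            findings.append(f"CVE-2015-6972: markup characters in {name}")
    if url.path in CSRF_ENDPOINTS:
        # A missing Referer ("-") is flagged too; expect noise from direct navigation.
        ref_host = urlsplit(m["referer"]).netloc
        if ref_host != console_host:
            findings.append(f"CVE-2015-6973: {url.path} with Referer host {ref_host or 'none'}")
    return findings

# Constructed sample lines (documentation addresses and host names).
SAMPLE_LOG = [
    '198.51.100.7 - - [23/Dec/2016:10:00:01 +0000] "GET /group-summary.jsp?search=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 512 "http://chat.example:9090/index.jsp" "UA"',
    '198.51.100.7 - - [23/Dec/2016:10:00:02 +0000] "POST /user-create.jsp HTTP/1.1" 302 0 "http://other.example/page.html" "UA"',
    '198.51.100.8 - - [23/Dec/2016:10:00:03 +0000] "GET /user-edit-form.jsp?isadmin=x HTTP/1.1" 200 900 "http://chat.example:9090/user-summary.jsp" "UA"',
    '198.51.100.9 - - [23/Dec/2016:10:00:04 +0000] "GET /group-summary.jsp?search=staff HTTP/1.1" 200 700 "http://chat.example:9090/index.jsp" "UA"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(triage(entry, "chat.example:9090"))
```

Parameters sent in a POST body do not appear in an access log, so a clean result covers query-string traffic only. Legitimate administrator use of user-edit-form.jsp can also carry isadmin, so each finding is a prompt for review.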

References

http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt
https://igniterealtime.org/issues/browse/OF-942
http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt
http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-PRIV-ESCALATION.txt
https://issues.igniterealtime.org/browse/OF-941
https://security.archlinux.org/CVE-2015-6972
https://security.archlinux.org/CVE-2015-6973
https://security.archlinux.org/CVE-2015-7707

OS         Version  Architecture  Package   Version    Filename
ArchLinux  any      any           openfire  < 4.1.0-1  UNKNOWN
