CVE-2019-18394

2019-10-2400:00:00

attackerkb.com

EPSS

0.568

Percentile

97.8%

JSON

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.

Recent assessments:

ericalexanderorg at August 04, 2020 4:42pm UTC reported:

More detail
<https://swarm.ptsecurity.com/openfire-admin-console/>

Stupid easy SSRF

> /getFavicon?host=192.168.176.1:8080/secrets.txt?

Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18394

github.com/igniterealtime/Openfire/pull/1497

swarm.ptsecurity.com/openfire-admin-console

EPSS

0.568

Percentile

97.8%

JSON

Related for AKB:34EDFFD6-F1D3-409E-A748-B4D6F923CE14