CVE-2007-2975

2007-05-31T21:30:00
ID CVE-2007-2975
Type cve
Reporter NVD
Modified 2008-09-10T00:00:00

Description

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader.