ID CVE-2007-2975
Type cve
Modified 2008-09-10T04:00:00


The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader.

The vendor has addressed this issue through the release of the following product updates:

Ignite Realtime openfire-3.3.1-1.i386.rpm fire/openfire-3.3.1-1.i386.rpm

Ignite Realtime openfire_3_3_1.dmg fire/openfire_3_3_1.dmg

Ignite Realtime openfire_3_3_1.exe fire/openfire_3_3_1.exe