CVE-2007-2975

2007-06-01T01:30:00
ID CVE-2007-2975
Type cve
Reporter cve@mitre.org
Modified 2008-09-10T04:00:00

Description

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader. The vendor has addressed this issue through the release of the following product updates:

Ignite Realtime openfire-3.3.1-1.i386.rpm http://www.igniterealtime.org/downloads/download-landing.jsp?file=openfire/openfire-3.3.1-1.i386.rpm

Ignite Realtime openfire_3_3_1.dmg http://www.igniterealtime.org/downloads/download-landing.jsp?file=openfire/openfire_3_3_1.dmg

Ignite Realtime openfire_3_3_1.exe http://www.igniterealtime.org/downloads/download-landing.jsp?file=openfire/openfire_3_3_1.exe