[email protected]CVE-2008-1728

HistoryApr 11, 2008 - 7:05 p.m.

CVE-2008-1728

2008-04-1119:05:00

CWE-399

[email protected]

web.nvd.nist.gov

ignite realtime

openfire

cve-2008-1728

connectionmanagerimpl.java

denial of service

daemon outage

nvd

6 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

85.5%

JSON

ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages.

CPENameOperatorVersion
ignite_realtime:openfireignite realtime openfireeq3.4.5

CPE	Name	Operator	Version
ignite_realtime:openfire	ignite realtime openfire	eq	3.4.5

References

secunia.com/advisories/29751

secunia.com/advisories/29901

security.gentoo.org/glsa/glsa-200804-26.xml

www.igniterealtime.org/builds/openfire/docs/latest/changelog.html

www.igniterealtime.org/fisheye/changelog/svn-org?cs=10031

www.igniterealtime.org/issues/browse/JM-1289

www.openwall.com/lists/oss-security/2008/04/10/7

www.securityfocus.com/bid/28722

www.vupen.com/english/advisories/2008/1188/references

exchange.xforce.ibmcloud.com/vulnerabilities/41744

6 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

85.5%

JSON

Related for CVE-2008-1728

openvas6 github1 securityvulns2 nessus4 prion1 cvelist1 freebsd2 osv1 gentoo1