Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 Tenable Network Security, Inc.OPENFIRE_3_9_2.NASL
HistoryJul 14, 2014 - 12:00 a.m.

Openfire < 3.9.2 XMPP-Layer DoS

2014-07-1400:00:00
This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.
www.tenable.com
21

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.015

Percentile

86.8%

JSON

The remote host is running a version of Openfire prior to 3.9.2. It is, therefore, affected by an XMPP-layer denial of service vulnerability.

The vulnerability exists in ‘nio/XMLLightweightParser.java’ which fails to properly restrict the processing of compressed XML elements, which allows remote attackers to consume resources via a crafted XMPP stream, known as an ‘xmppbomb’ attack.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(76494);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-2741");
  script_bugtraq_id(66717);
  script_xref(name:"CERT", value:"495476");

  script_name(english:"Openfire < 3.9.2 XMPP-Layer DoS");
  script_summary(english:"Checks Openfire version from admin login page.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains an application that is affected by a denial
of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of Openfire prior to 3.9.2. It
is, therefore, affected by an XMPP-layer denial of service
vulnerability.

The vulnerability exists in 'nio/XMLLightweightParser.java' which
fails to properly restrict the processing of compressed XML elements,
which allows remote attackers to consume resources via a crafted XMPP
stream, known as an 'xmppbomb' attack.");
  script_set_attribute(attribute:"see_also", value:"https://community.igniterealtime.org/thread/52317");
  script_set_attribute(attribute:"solution", value:"Upgrade to version 3.9.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/14");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:igniterealtime:openfire");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");

  script_dependencies("openfire_console_detect.nasl");
  script_require_keys("www/openfire_console", "Settings/ParanoidReport");
  script_require_ports("Services/www", 9090);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("url_func.inc");
include("webapp_func.inc");

port = get_http_port(default:9090);

install = get_install_from_kb(appname:'openfire_console', port:port, exit_on_fail:TRUE);

dir = install['dir'];
ver = install['ver'];
prod = 'Openfire';

fix = '3.9.2';

if (isnull(ver)) audit(AUDIT_UNKNOWN_APP_VER, prod);

# nb: banner checks of open source software are prone to false-
#     positives so only run the check if reporting is paranoid.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

if (ver_compare(ver:ver, fix:fix, strict:FALSE) == -1)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  URL               : ' + build_url(port:port, qs:dir+"/") +
      '\n  Installed version : ' + ver +
      '\n  Fixed version     : ' + fix +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_INST_VER_NOT_VULN, prod, ver);

Related

prion 2
cve 2
osv 1
cert 1
github 1
cvelist 1
nvd 2
gentoo 1
openvas 1
nessus 1
prion
prion
Design/Logic Flaw
2014-04-11 01:55:00
Design/Logic Flaw
2014-04-23 20:55:00
cve
cve
CVE-2014-2741
2014-04-11 01:55:05
CVE-2014-0360
2014-04-23 20:55:06
osv
osv
Ignite Realtime Openfire vulnerable to XMPPbomb attack
2022-05-17 04:44:51
cert
cert
Openfire contains an uncontrolled resource consumption vulnerability
2014-04-16 00:00:00
github
github
Ignite Realtime Openfire vulnerable to XMPPbomb attack
2022-05-17 04:44:51
cvelist
cvelist
CVE-2014-2741
2014-04-11 01:00:00
nvd
nvd
CVE-2014-2741
2014-04-11 01:55:05
CVE-2014-0360
2014-04-23 20:55:06
gentoo
gentoo
Openfire: Multiple vulnerabilities
2014-06-30 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201406-35
2015-09-29 00:00:00
nessus
nessus
GLSA-201406-35 : Openfire: Multiple vulnerabilities
2014-07-01 00:00:00

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.015

Percentile

86.8%

JSON
Related for OPENFIRE_3_9_2.NASL
prion2cve2osv1cert1github1cvelist1nvd2gentoo1openvas1nessus1