Lucene search

PRIOn knowledge basePRION:CVE-2007-2975

HistoryJun 01, 2007 - 1:30 a.m.

Design/Logic Flaw

2007-06-0101:30:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.053 Low

EPSS

Percentile

92.9%

JSON

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader.

CPENameOperatorVersion
openfireeq3.2.0
openfireeq3.0.1
openfireeq2.6.1
openfireeq3.2.2
openfireeq3.2.3
openfireeq3.1.0
openfireeq3.2.1
openfireeq3.2.4
openfireeq2.6.0
openfirele3.3.0

Name	Operator	Version
openfire	eq	3.2.0
openfire	eq	3.0.1
openfire	eq	2.6.1
openfire	eq	3.2.2
openfire	eq	3.2.3
openfire	eq	3.1.0
openfire	eq	3.2.1
openfire	eq	3.2.4
openfire	eq	2.6.0
openfire	le	3.3.0

Rows per page:

1-10 of 131

References

secunia.com/advisories/25427

www.igniterealtime.org/issues/browse/JM-1049

www.osvdb.org/36713

www.securityfocus.com/bid/24205

blogs.reucon.com/srt/2007/05/11/openfire_3_3_1_fixes_critical_security_issue.html

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.053 Low

EPSS

Percentile

92.9%

JSON

Related for PRION:CVE-2007-2975