3 matches found
[ASA-201612-21] openfire: multiple issues
Arch Linux Security Advisory ASA-201612-21 ========================================== Severity: High Date : 2016-12-23 CVE-ID : CVE-2015-6972 CVE-2015-6973 CVE-2015-7707 Package : openfire Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-15 Summary ======= The package...
OpenFire <= 3.10.2 Multiple Vulnerabilities
OpenFire Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:igniterealtime:openfire";...
CVE-2015-6973
Openfire (Ignite Realtime) 3.10.2 is affected by CVE-2015-6973 (and related CVEs) due to insufficient CSRF protections. Multiple CSRF vulnerabilities allow remote attackers to hijack administrator sessions by issuing crafted requests to JSPs such as user-password.jsp, user-create.jsp, server-prop...