Summary
The host is running Openfire and is prone to a security bypass vulnerability.
Impact
Successful exploitation will cause execution of arbitrary code.
Impact Level: Network
Solution
Upgrade to 3.6.1
http://www.igniterealtime.org/downloads/index.jsp
Insight
This vulnerability is due to an error in the 'AuthCheck' filter when it imposes access restrictions: a specially crafted URL using 'setup/setup-' followed by directory traversal sequences bypasses them. This can be exploited to reach the underlying database and to access or modify data.
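A defensive check for the request pattern described above, as an added example that is not part of the original advisory or of Openfire's code: it scans web access log lines for paths that contain 'setup/setup-' followed by a traversal segment, including percent-encoded and backslash forms. The log format, sample lines, page names and client addresses are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

SETUP_PREFIX = "setup/setup-"   # prefix named in the advisory
MAX_DECODE_ROUNDS = 3           # assumption: unwraps double/triple percent-encoding
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample lines (common log format); not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /setup/setup-example.jsp HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2009:10:00:05 +0000] "GET /setup/setup-/../../example.jsp HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2009:10:00:09 +0000] "GET /setup/setup-/%2e%2e/%2E%2E/example.jsp?x=1 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2009:10:00:12 +0000] "POST /setup/setup-/%252e%252e%5cexample.jsp HTTP/1.1" 302 0',
    '192.0.2.10 - - [01/Jan/2009:10:00:20 +0000] "GET /login.jsp?url=/setup/setup-/../x HTTP/1.1" 200 900',
]

def normalise_path(raw_target: str) -> str:
    """Return the path only, percent-decoded until stable, '\\' folded to '/', lowercased."""
    path = urlsplit(raw_target).path          # query string is ignored on purpose
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/").lower()

def is_suspicious(raw_target: str) -> bool:
    """True when 'setup/setup-' is followed by a later '..' path segment."""
    path = normalise_path(raw_target)
    idx = path.find(SETUP_PREFIX)
    if idx == -1:
        return False
    # Skip the remainder of the 'setup-...' segment itself, then look for '..'.
    later_segments = path[idx + len(SETUP_PREFIX):].split("/")[1:]
    return ".." in later_segments

def scan(lines):
    """Return (client, request target) for every log line matching the pattern."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_suspicious(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits

if __name__ == "__main__":
    for client, target in scan(SAMPLE_LOG):
        print(f"possible AuthCheck bypass attempt from {client}: {target}")
```

A hit shows an attempt, not a successful bypass; compare it with the installed Openfire version and the response status before escalating.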
Affected
Ignite Realtime Openfire versions prior to 3.6.1.
References
Severity
Classification
CVE: CVE-2008-6508
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P