Summary
Detail | | | |
---|---|---|---|
Vendor | Ignite Realtime | First view | 2009-02-09 |
Product | Openfire | Last view | 2009-02-09 |
Version | 3.6.2 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:ignite_realtime:openfire | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
4.3 | 2009-02-09 | CVE-2009-0496 | Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) log parameter to (a) logviewer.jsp and (b) log.jsp; (2) search parameter to (c) group-summary.jsp; (3) username parameter to (d) user-properties.jsp; (4) logDir, (5) maxTotalSize, (6) maxFileSize, (7) maxDays, and (8) logTimeout parameters to (e) audit-policy.jsp; (9) propName parameter to (f) server-properties.jsp; and the (10) roomconfig_roomname and (11) roomconfig_roomdesc parameters to (g) muc-room-edit-form.jsp. NOTE: this can be leveraged for arbitrary code execution by using XSS to upload a malicious plugin. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
51425 | Openfire muc-room-edit-form.jsp Multiple Parameter XSS |
51424 | Openfire server-properties.jsp propName Parameter XSS |
51423 | Openfire audit-policy.jsp Multiple Parameter XSS |
51422 | Openfire user-properties.jsp username Parameter XSS |
51421 | Openfire group-summary.jsp search Parameter XSS |
51420 | Openfire log.jsp log Parameter XSS |
51419 | Openfire logviewer.jsp log Parameter XSS |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-06 | Name : Gentoo Security Advisory GLSA 200904-01 (openfire) File : nvt/glsa_200904_01.nasl |
2009-02-11 | Name : Ignite Realtime OpenFire Multiple Vulnerabilities File : nvt/gb_openfire_mult_vuln.nasl |
2009-01-26 | Name : FreeBSD Ports: openfire File : nvt/freebsd_openfire1.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Jive Software Openfire muc-room-edit-form.jsp XSS attempt RuleID : 20868 - Type : SERVER-WEBAPP - Revision : 8 |
2014-01-10 | Jive Software Openfire server-properties.jsp XSS attempt RuleID : 20867 - Type : SERVER-WEBAPP - Revision : 8 |
2014-01-10 | Jive Software Openfire audit-policy.jsp XSS attempt RuleID : 20866 - Type : SERVER-WEBAPP - Revision : 8 |
2014-01-10 | Jive Software Openfire user-properties.jsp XSS attempt RuleID : 20865 - Type : SERVER-WEBAPP - Revision : 8 |
2014-01-10 | Jive Software Openfire group-summary.jsp XSS attempt RuleID : 20864 - Type : SERVER-WEBAPP - Revision : 8 |
2014-01-10 | Jive Software Openfire log.jsp XSS attempt RuleID : 20863 - Type : SERVER-WEBAPP - Revision : 8 |
2014-01-10 | Jive Software Openfire logviewer.jsp XSS attempt RuleID : 20862 - Type : SERVER-WEBAPP - Revision : 8 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-03 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200904-01.nasl - Type: ACT_GATHER_INFO |
2009-02-09 | Name: The remote host contains an application that is affected by multiple vulnerab... File: openfire_3_6_3.nasl - Type: ACT_GATHER_INFO |
2009-01-26 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_c3aba586ea7711dd9d1e000bcdc1757a.nasl - Type: ACT_GATHER_INFO |