Openfire (ARCHIVED)

Security fix

View this issue in another formatViewView
- XML
- Word
- Printable

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 3.3.0
Fix Version/s: 3.3.1
Component/s: Core

Acceptance Test - Add?:
No

Description:

Hide

A security issue has been reported that allows malicious users to remotely upload code to Openfire via the built-in admin console. Although there is no known exploit "in the wild", it's highly recommended that users upgrade their server instances to fix this security issue.

Affects: All previous releases of Openfire, at least through Openfire 3.0.0

Workaround: the security issue can be worked around in previous versions of Openfire by limiting access to the admin console port (9090 by default) via firewall rules.

Show
A security issue has been reported that allows malicious users to remotely upload code to Openfire via the built-in admin console. Although there is no known exploit "in the wild", it's highly recommended that users upgrade their server instances to fix this security issue. Affects: All previous releases of Openfire, at least through Openfire 3.0.0 Workaround: the security issue can be worked around in previous versions of Openfire by limiting access to the admin console port (9090 by default) via firewall rules.

Activity

Ascending order - Click to sort in descending order

People

Assignee:

Gaston Dombiak

Reporter:

Derek DeMoro
Votes:

0

Watchers:

0

Dates

Created:

05/03/07 01:22 AM

Updated:

05/26/08 10:44 PM

Resolved:

05/11/07 12:42 AM