Security fix

Description

A security issue has been reported that allows malicious users to remotely upload code to Openfire via the built-in admin console. Although there is no known exploit "in the wild", it's highly recommended that users upgrade their server instances to fix this security issue.

Affects: All previous releases of Openfire, at least through Openfire 3.0.0

Workaround: the security issue can be worked around in previous versions of Openfire by limiting access to the admin console port (9090 by default) via firewall rules.

Environment

None

Activity

Show:

Former user May 27, 2008 at 3:44 AM

http://charlesswartz.org http://usceclub.org http://rustudentrally.com http://intheseplaces.com http://tlak.org http://pack3786.org http://ishere4u.com http://win-shops.com http://f5solution.com http://leavealegacy-lancaster.org http://consideryoursource.com http://robertprather.us http://meetmeatthefountain.com http://gymnasticsdivine.org http://rubicondevelopments.com http://www.tableta.org http://refusetohide.com http://buy-prozac.us

Fixed

Details
Assignee
Gaston Dombiak
Reporter
Derek DeMoro
Components
Fix versions
3.3.1
Affects versions
3.3.0
Priority
Critical

Created May 3, 2007 at 6:22 AM

Updated May 27, 2008 at 3:44 AM

Resolved May 11, 2007 at 5:42 AM

Security fix

Description

Environment

Activity

Former user May 27, 2008 at 3:44 AM

DetailsAssigneeGaston DombiakGaston DombiakReporterDerek DeMoroDerek DeMoroComponentsFix versions3.3.1Affects versions3.3.0PriorityCritical

Details

Assignee

Reporter

Components

Fix versions

Affects versions

Priority

Details
Assignee
Gaston Dombiak
Reporter
Derek DeMoro
Components
Fix versions
3.3.1
Affects versions
3.3.0
Priority
Critical