Security fix
Description
Environment
None
Activity
Show:
Former user May 27, 2008 at 3:44 AM
http://charlesswartz.org http://usceclub.org http://rustudentrally.com http://intheseplaces.com http://tlak.org http://pack3786.org http://ishere4u.com http://win-shops.com http://f5solution.com http://leavealegacy-lancaster.org http://consideryoursource.com http://robertprather.us http://meetmeatthefountain.com http://gymnasticsdivine.org http://rubicondevelopments.com http://www.tableta.org http://refusetohide.com http://buy-prozac.us
A security issue has been reported that allows malicious users to remotely upload code to Openfire via the built-in admin console. Although there is no known exploit "in the wild", it's highly recommended that users upgrade their server instances to fix this security issue.
Affects: All previous releases of Openfire, at least through Openfire 3.0.0
Workaround: the security issue can be worked around in previous versions of Openfire by limiting access to the admin console port (9090 by default) via firewall rules.