Security fix
Description
Environment
None
Activity
Show:
Fixed
Details
Details
Details
Created May 3, 2007 at 6:22 AM
Updated May 27, 2008 at 3:44 AM
Resolved May 11, 2007 at 5:42 AM
Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device. Atlassian cookies and tracking notice, (opens new window)
A security issue has been reported that allows malicious users to remotely upload code to Openfire via the built-in admin console. Although there is no known exploit "in the wild", it's highly recommended that users upgrade their server instances to fix this security issue.
Affects: All previous releases of Openfire, at least through Openfire 3.0.0
Workaround: the security issue can be worked around in previous versions of Openfire by limiting access to the admin console port (9090 by default) via firewall rules.