oss-sec mailing list archives

CVE request: openfire <3.5.0 Denial of Service

From: Robert Buchholz <rbu () gentoo org>
Date: Fri, 11 Apr 2008 01:44:52 +0200

Please assign a CVE identifier:

Openfire (formerly wildfire) before 3.5.0 is prone to a Denial of 
Service vulnerability. It cannot handle clients that fail to read 
messages, and has no limit on their session's send buffer.

Secunia:
  http://secunia.com/advisories/29751/
Upstream bug:
  http://www.igniterealtime.org/issues/browse/JM-1289
Commit:
  http://www.igniterealtime.org/fisheye/changelog/svn-org?cs=10031

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

CVE request: openfire <3.5.0 Denial of Service Robert Buchholz (Apr 10)
- Re: CVE request: openfire <3.5.0 Denial of Service Steven M. Christey (Apr 12)