oss-sec mailing list archives
CVE request - openfire
From: Matti Bickel <mabi () gentoo org>
Date: Sat, 21 Mar 2009 11:18:10 +0100
Hi, these are old issues, but could we get a CVE identifier for them, anyway? All issues are from this advisory: http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt (1) Authentication Bypass using a special URL (possible remote code execution) Fixed in 3.6.1 References: http://www.igniterealtime.org/issues/browse/JM-1489 (2) XSS in login.jsp (possible session hijacking) Fixed in 3.6.0 References: http://www.igniterealtime.org/issues/browse/JM-629 (3) SQL injection in sip plugin Fixed in 3.6.1 References: http://www.igniterealtime.org/issues/browse/JM-1488 Thanks, Matti -- Encrypted/Signed Email preferred
Attachment:
_bin
Description:
Current thread:
- CVE request - openfire Matti Bickel (Mar 21)
- Re: CVE request - openfire Steven M. Christey (Mar 24)