oss-sec mailing list archives

CVE request - openfire


From: Matti Bickel <mabi () gentoo org>
Date: Sat, 21 Mar 2009 11:18:10 +0100

Hi,

   these are old issues, but could we get a CVE identifier for them,
   anyway?

   All issues are from this advisory:
    http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt

   (1) Authentication Bypass using a special URL (possible remote code
       execution)
   Fixed in 3.6.1
   References:
    http://www.igniterealtime.org/issues/browse/JM-1489

   (2) XSS in login.jsp (possible session hijacking)
   Fixed in 3.6.0
   References:
    http://www.igniterealtime.org/issues/browse/JM-629

   (3) SQL injection in sip plugin
   Fixed in 3.6.1
   References:
    http://www.igniterealtime.org/issues/browse/JM-1488

Thanks,
  Matti
-- 
Encrypted/Signed Email preferred
