Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.3.0
    • Fix Version/s: 3.3.1
    • Component/s: Core
    • Labels:
      None

      Description

      A security issue has been reported that allows malicious users to remotely upload code to Openfire via the built-in admin console. Although there is no known exploit "in the wild", it's highly recommended that users upgrade their server instances to fix this security issue.

      Affects: All previous releases of Openfire, at least through Openfire 3.0.0

      Workaround: the security issue can be worked around in previous versions of Openfire by limiting access to the admin console port (9090 by default) via firewall rules.

        Attachments

          Activity

          Show
          der74hva3 der74hva3 added a comment - http://charlesswartz.org http://usceclub.org http://rustudentrally.com http://intheseplaces.com http://tlak.org http://pack3786.org http://ishere4u.com http://win-shops.com http://f5solution.com http://leavealegacy-lancaster.org http://consideryoursource.com http://robertprather.us http://meetmeatthefountain.com http://gymnasticsdivine.org http://rubicondevelopments.com http://www.tableta.org http://refusetohide.com http://buy-prozac.us

            People

            • Assignee:
              gaston Gaston Dombiak
              Reporter:
              derek Derek DeMoro
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: