[JM-1049] Security fix Created: 03/May/07  Updated: 27/May/08  Resolved: 11/May/07

Status: Closed
Project: Openfire (ARCHIVED)
Components: Core
Affects versions: 3.3.0
Fix versions: 3.3.1

Type: Bug Priority: Critical
Reporter: Derek DeMoro Assignee: Gaston Dombiak
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified


 Description   

A security issue has been reported that allows malicious users to remotely upload code to Openfire via the built-in admin console. Although there is no known exploit "in the wild", it's highly recommended that users upgrade their server instances to fix this security issue.

Affects: All previous releases of Openfire, at least through Openfire 3.0.0

Workaround: the security issue can be worked around in previous versions of Openfire by limiting access to the admin console port (9090 by default) via firewall rules.

 Comments   
Comment by Former user (Inactive) [ 27/May/08 ]

http://charlesswartz.org http://usceclub.org http://rustudentrally.com http://intheseplaces.com http://tlak.org http://pack3786.org http://ishere4u.com http://win-shops.com http://f5solution.com http://leavealegacy-lancaster.org http://consideryoursource.com http://robertprather.us http://meetmeatthefountain.com http://gymnasticsdivine.org http://rubicondevelopments.com http://www.tableta.org http://refusetohide.com http://buy-prozac.us

Generated at Thu Apr 18 16:27:54 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100250-rev:31daa98eee8114a786a57d1cfda50a8349f72a0a.