CVE-2008-6508 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-6508
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-6508

Description: Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequence in a URI.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/46488 SAID Secunia Advisory: SA32478 OSVDB 49663 MISC http://www.andreas-kurtz.de/archives/63 http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt MILW0RM http://www.milw0rm.com/exploits/7075 CONFIRM http://www.igniterealtime.org/issues/browse/JM-1489 http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/498162/100/0/threaded BID 32189

Return to the previous page.