|
|
CVE Reference: CVE-2008-6508 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-6508 |
|
|
Description: Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequence in a URI. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/46488 SAID Secunia Advisory: SA32478 OSVDB 49663 MISC http://www.andreas-kurtz.de/archives/63 http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt MILW0RM http://www.milw0rm.com/exploits/7075 CONFIRM http://www.igniterealtime.org/issues/browse/JM-1489 http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/498162/100/0/threaded BID 32189 |
|
| Return to the previous page. |
