oss-sec mailing list archives
CVE request - openfire
From: Matti Bickel <mabi () gentoo org>
Date: Sat, 21 Mar 2009 11:18:10 +0100
Hi,
these are old issues, but could we get a CVE identifier for them,
anyway?
All issues are from this advisory:
http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt
(1) Authentication Bypass using a special URL (possible remote code
execution)
Fixed in 3.6.1
References:
http://www.igniterealtime.org/issues/browse/JM-1489
(2) XSS in login.jsp (possible session hijacking)
Fixed in 3.6.0
References:
http://www.igniterealtime.org/issues/browse/JM-629
(3) SQL injection in sip plugin
Fixed in 3.6.1
References:
http://www.igniterealtime.org/issues/browse/JM-1488
Thanks,
Matti
--
Encrypted/Signed Email preferred
Attachment:
_bin
Description:
Current thread:
- CVE request - openfire Matti Bickel (Mar 21)
- Re: CVE request - openfire Steven M. Christey (Mar 24)
