Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2008-6509
Last Modified: 12 Aug 2009 01:24:48
Published: 23 Mar 2009 04:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-6509

Summary

SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.

Vulnerable Systems

Application

  • Igniterealtime Openfire 2.6.0

  • Igniterealtime Openfire 2.6.1

  • Igniterealtime Openfire 2.6.2

  • Igniterealtime Openfire 3.0.0

  • Igniterealtime Openfire 3.0.1

  • Igniterealtime Openfire 3.1.0

  • Igniterealtime Openfire 3.1.1

  • Igniterealtime Openfire 3.2.0

  • Igniterealtime Openfire 3.2.1

  • Igniterealtime Openfire 3.2.2

  • Igniterealtime Openfire 3.2.3

  • Igniterealtime Openfire 3.2.4

  • Igniterealtime Openfire 3.3.0

  • Igniterealtime Openfire 3.3.2

  • Igniterealtime Openfire 3.3.3

  • Igniterealtime Openfire 3.4.0

  • Igniterealtime Openfire 3.4.1

  • Igniterealtime Openfire 3.4.3

  • Igniterealtime Openfire 3.4.4

  • Igniterealtime Openfire 3.4.5

  • Igniterealtime Openfire 3.5.0

  • Igniterealtime Openfire 3.5.1

  • Igniterealtime Openfire 3.5.2

  • Igniterealtime Openfire 3.6.0

  • Igniterealtime Openfire 3.6.0a


References

XF - openfire-siparklogsummary-sql-injection(46487)

VUPEN - ADV-2008-3061

BID - 32189

BUGTRAQ - 20081108 [AK-ADV2008-001] Openfire Jabber-Server: Multiple Vulnerabilities (Authentication Bypass, SQL injection, ...)

MILW0RM - 7075

CONFIRM - http://www.igniterealtime.org/issues/browse/JM-1488

MISC - http://www.andreas-kurtz.de/archives/63

MISC - http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt

SECUNIA - 32478

OSVDB - 51912


Last Updated: 27 May 2016 10:49:13