Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6511

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2008-6511
Last Modified 25 Mar 2009 04:17:56
Published 23 Mar 2009 04:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6511

Summary

Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.

Vulnerable Systems

Application

  • Igniterealtime Openfire 2.6.0

  • Igniterealtime Openfire 2.6.1

  • Igniterealtime Openfire 2.6.2

  • Igniterealtime Openfire 3.0.0

  • Igniterealtime Openfire 3.0.1

  • Igniterealtime Openfire 3.1.0

  • Igniterealtime Openfire 3.1.1

  • Igniterealtime Openfire 3.2.0

  • Igniterealtime Openfire 3.2.1

  • Igniterealtime Openfire 3.2.2

  • Igniterealtime Openfire 3.2.3

  • Igniterealtime Openfire 3.2.4

  • Igniterealtime Openfire 3.3.0

  • Igniterealtime Openfire 3.3.2

  • Igniterealtime Openfire 3.3.3

  • Igniterealtime Openfire 3.4.0

  • Igniterealtime Openfire 3.4.1

  • Igniterealtime Openfire 3.4.3

  • Igniterealtime Openfire 3.4.4

  • Igniterealtime Openfire 3.4.5

  • Igniterealtime Openfire 3.5.0

  • Igniterealtime Openfire 3.5.1

  • Igniterealtime Openfire 3.5.2

  • Igniterealtime Openfire 3.6.0

  • Igniterealtime Openfire 3.6.0a


References

BUGTRAQ - 20081108 [AK-ADV2008-001] Openfire Jabber-Server: Multiple Vulnerabilities (Authentication Bypass, SQL injection, ...)

MILW0RM - 7075

MISC - http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt


Last Updated: 27 May 2016 10:49:13