Computer Security
[EN] securityvulns.ru



CVE: CVE-2008-6508
Status: Candidate
Description: Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequence in a URI.
Phase: Assigned (23.03.2009)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6508
References:
 BID : 32189
 BUGTRAQ : 20081108 [AK-ADV2008-001] Openfire Jabber-Server: Multiple Vulnerabilities (Authentication Bypass, SQL injection, ...)
 CONFIRM : http://www.igniterealtime.org/builds/openfire/docs...
 CONFIRM : http://www.igniterealtime.org/issues/browse/JM-1489
 MILW0RM : 7075
 MISC : http://www.andreas-kurtz.de/advisories/AKADV2008-0...
 MISC : http://www.andreas-kurtz.de/archives/63
 OSVDB : 49663
 VUPEN : ADV-2008-3061
 XF : openfire-authcheckfilter-security-bypass(46488)
SecurityVulns: Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


