CVE-2009-0497
news
/
advisories
/
forum
/
software
/
advertising
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
CVE
CVE-2009-0497
Status
Candidate
Description
Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.
Severity
Medium
CVSS score
5
CVSS vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Phase
Assigned (10.02.2009)
NVD:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0497
References
BID :
32945
BUGTRAQ :
20090108 CORE-2008-1128: Openfire multiple vulnerabilities
MISC :
http://svn.igniterealtime.org/svn/repos/openfire/t...
MISC :
http://www.coresecurity.com/content/openfire-multi...
MISC :
https://bugs.gentoo.org/show_bug.cgi?id=257585
SECUNIA :
33452
XF :
openfire-log-directory-traversal(47806)
SecurityVulns:
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Nizhny Novgorod
Enter your search terms
Web
securityvulns.com
Submit search form
test server
