CVE-2007-2975

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader.
Configurations

Configuration 1

cpe:2.3:a:ignite_realtime:openfire:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:*:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.1.1:*:*:*:*:*:*:*

Information

Published : 2007-06-01 01:30

Updated : 2008-09-10 04:00


NVD link : CVE-2007-2975

Mitre link : CVE-2007-2975

Products Affected
No products.
CWE