[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: Openfire <3.6.3 XSS vulnerabilities
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2009-02-10 0:52:47
Message-ID: Pine.GSO.4.51.0902091951420.15993 () faron ! mitre ! org
[Download RAW message or body]


It could be argued that the code execution that's enabled by CVE-2009-0496
is actually a distinct CSRF, but I'm not clear enough on the internals to
be sure.

- Steve


======================================================
Name: CVE-2009-0496
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0496
Reference: BUGTRAQ:20090108 CORE-2008-1128: Openfire multiple vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/499880/100/0/threaded
Reference: MISC:http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
Reference: CONFIRM:http://www.igniterealtime.org/issues/browse/JM-1506
Reference: CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=254309
Reference: BID:32935
Reference: URL:http://www.securityfocus.com/bid/32935
Reference: BID:32937
Reference: URL:http://www.securityfocus.com/bid/32937
Reference: BID:32938
Reference: URL:http://www.securityfocus.com/bid/32938
Reference: BID:32939
Reference: URL:http://www.securityfocus.com/bid/32939
Reference: BID:32940
Reference: URL:http://www.securityfocus.com/bid/32940
Reference: BID:32943
Reference: URL:http://www.securityfocus.com/bid/32943
Reference: BID:32944
Reference: URL:http://www.securityfocus.com/bid/32944
Reference: SECUNIA:33452
Reference: URL:http://secunia.com/advisories/33452
Reference: XF:openfire-mucroomeditform-xss(47845)
Reference: URL:http://xforce.iss.net/xforce/xfdb/47845
Reference: XF:openfire-multiple-scripts-xss(47834)
Reference: URL:http://xforce.iss.net/xforce/xfdb/47834
Reference: XF:openfire-serverproperties-xss(47835)
Reference: URL:http://xforce.iss.net/xforce/xfdb/47835

Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime
Openfire 3.6.2 allow remote attackers to inject arbitrary web script
or HTML via the (1) log parameter to (a) logviewer.jsp and (b)
log.jsp; (2) search parameter to (c) group-summary.jsp; (3) username
parameter to (d) user-properties.jsp; (4) logDir, (5) maxTotalSize,
(6) maxFileSize, (7) maxDays, and (8) logTimeout parameters to (e)
audit-policy.jsp; (9) propName parameter to (f) server-properties.jsp;
and the (10) roomconfig_roomname and (11) roomconfig_roomdesc
parameters to (g) muc-room-edit-form.jsp.  NOTE: this can be leveraged
for arbitrary code execution by using XSS to upload a malicious
plugin.


======================================================
Name: CVE-2009-0497
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0497
Reference: BUGTRAQ:20090108 CORE-2008-1128: Openfire multiple vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/499880/100/0/threaded
Reference: MISC:http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp
Reference: MISC:http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
Reference: MISC:https://bugs.gentoo.org/show_bug.cgi?id=257585
Reference: BID:32945
Reference: URL:http://www.securityfocus.com/bid/32945
Reference: SECUNIA:33452
Reference: URL:http://secunia.com/advisories/33452
Reference: XF:openfire-log-directory-traversal(47806)
Reference: URL:http://xforce.iss.net/xforce/xfdb/47806

Directory traversal vulnerability in log.jsp in Ignite Realtime
Openfire 3.6.2 allows remote attackers to read arbitrary files via a
..\ (dot dot backslash) in the log parameter.


[prev in list] [next in list] [prev in thread] [next in thread]