Date: Sat, 21 Mar 2009 11:18:10 +0100
From: Matti Bickel <mabi@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request - openfire

Hi,

   these are old issues, but could we get a CVE identifier for them,
   anyway?

   All issues are from this advisory:
    http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt

   (1) Authentication Bypass using a special URL (possible remote code
       execution)
   Fixed in 3.6.1
   References:
    http://www.igniterealtime.org/issues/browse/JM-1489

   (2) XSS in login.jsp (possible session hijacking)
   Fixed in 3.6.0
   References:
    http://www.igniterealtime.org/issues/browse/JM-629

   (3) SQL injection in sip plugin
   Fixed in 3.6.1
   References:
    http://www.igniterealtime.org/issues/browse/JM-1488

Thanks,
  Matti
-- 
Encrypted/Signed Email preferred
