Date: Sat, 21 Mar 2009 11:18:10 +0100 From: Matti Bickel <mabi@...too.org> To: oss-security@...ts.openwall.com Subject: CVE request - openfire Hi, these are old issues, but could we get a CVE identifier for them, anyway? All issues are from this advisory: http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt (1) Authentication Bypass using a special URL (possible remote code execution) Fixed in 3.6.1 References: http://www.igniterealtime.org/issues/browse/JM-1489 (2) XSS in login.jsp (possible session hijacking) Fixed in 3.6.0 References: http://www.igniterealtime.org/issues/browse/JM-629 (3) SQL injection in sip plugin Fixed in 3.6.1 References: http://www.igniterealtime.org/issues/browse/JM-1488 Thanks, Matti -- Encrypted/Signed Email preferred Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.