Vulnerability CVE-2008-6511


Published: 2009-03-23   Modified: 2012-02-12

Description:
Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.

See advisories in our WLB2 database:
Topic: Openfire Jabber-Server: Multiple Vulnerabilities (High)
Author: Andreas Kurtz
Date: 26.03.2009

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:P)

CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

Affected software: Igniterealtime -> Openfire

References:
http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt
http://www.securityfocus.com/archive/1/498162/100/0/threaded
https://www.exploit-db.com/exploits/7075

Copyright 2024, cxsecurity.com
