Openfire < 3.5.0 ConnectionManagerImpl.java Queue Handling Remote DoS

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is prone to a denial of
service attack.

Description :

The remote host is running Openfire / Wildfire, an instant messaging
server supporting the XMPP protocol.

According to its version, the installation of Openfire or Wildfire on
the remote host is affected by a denial of service vulnerability that
could bring the server down: it places no limit on a client session's
send buffer and cannot handle clients that fail to read messages.
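
The following added example (not Openfire's code and not its actual fix) models a per-session send buffer in memory and contrasts the unbounded behaviour with a byte-capped buffer that closes a session whose peer stops reading. The class name, method names and the 64 KiB cap are hypothetical.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Added illustration; class and limit names are hypothetical, not Openfire's.
public class SendBufferDemo {

    /** Per-session outbound buffer with an optional byte cap. */
    static final class Session {
        private final Deque<byte[]> pending = new ArrayDeque<>();
        private final long maxPendingBytes;   // <= 0 means unbounded (the weak setting)
        private long pendingBytes = 0;
        private boolean closed = false;

        Session(long maxPendingBytes) { this.maxPendingBytes = maxPendingBytes; }

        /** Queue a stanza for the client; returns false if the session is (now) closed. */
        boolean deliver(byte[] stanza) {
            if (closed) return false;
            if (maxPendingBytes > 0 && pendingBytes + stanza.length > maxPendingBytes) {
                // Peer is not reading fast enough: drop the session and free its memory.
                pending.clear();
                pendingBytes = 0;
                closed = true;
                return false;
            }
            pending.addLast(stanza);
            pendingBytes += stanza.length;
            return true;
        }

        /** Called when the socket becomes writable; a stalled client never triggers this. */
        void drainOne() {
            byte[] s = pending.pollFirst();
            if (s != null) pendingBytes -= s.length;
        }

        long pendingBytes() { return pendingBytes; }
        boolean isClosed() { return closed; }
    }

    public static void main(String[] args) {
        byte[] stanza = new byte[1024];              // constructed 1 KiB message
        Session unbounded = new Session(0);
        Session bounded = new Session(64 * 1024);    // hypothetical 64 KiB cap
        for (int i = 0; i < 10_000; i++) {           // peer never reads: drainOne() is never called
            unbounded.deliver(stanza);
            bounded.deliver(stanza);
        }
        System.out.println("unbounded pending bytes: " + unbounded.pendingBytes());
        System.out.println("bounded pending bytes:   " + bounded.pendingBytes()
                + ", closed=" + bounded.isClosed());
    }
}
```

The unbounded session retains every queued message for as long as the peer stays connected, while the capped session releases its buffer and is closed once the limit is reached.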

See also :

http://www.igniterealtime.org/issues/browse/JM-1289
http://www.openwall.com/lists/oss-security/2008/04/10/7

Solution :

Upgrade to Openfire version 3.5.0 or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Denial of Service

Nessus Plugin ID: 31855

Bugtraq ID: 28722

CVE ID: CVE-2008-1728