Openfire < 3.6.3 Multiple Vulnerabilities

medium Nessus Plugin ID 35628

Synopsis

The remote host contains an application that is affected by multiple vulnerabilities.

Description

The remote host is running Openfire / Wildfire, an instant messaging server supporting the XMPP protocol.

According to its version, the installation of Openfire or Wildfire is affected by multiple vulnerabilities:

- Multiple .jsp scripts, namely 'logviewer.jsp' (BID 32935), 'group-summary.jsp' (BID 32937), 'user-properties.jsp' (BID 32938), 'audit-policy.jsp' (BID 32939) and 'log.jsp' (BID 32940), fail to sanitize input supplied by authorized users and are therefore affected by cross-site scripting vulnerabilities.

- Provided an administrator's browser session is allowed to execute arbitrary JavaScript and an attacker has managed to steal session cookies, it may be possible for the attacker to execute arbitrary code on the remote system by uploading a new server plugin.

- Pages 'security-audit-viewer.jsp', 'server-properties.js' (BID 32943) and 'muc-room-summary.jsp' (BID 32944) are affected by stored cross-site scripting vulnerabilities. (BID 32943)

- log.jsp fails to sanitize input passed to the 'log' parameter by an authorized user, and hence it may be possible for an authenticated attacker to read arbitrary .log files. (BID 32945)

Solution

Upgrade to Openfire version 3.6.3 or later.

See Also

http://www.coresecurity.com/content/openfire-multiple-vulnerabilities

https://seclists.org/bugtraq/2009/Jan/46

Plugin Details

Severity: Medium

ID: 35628

File Name: openfire_3_6_3.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 2/9/2009

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:igniterealtime:openfire

Required KB Items: Settings/ParanoidReport

Exploit Ease: No exploit is required

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-0496, CVE-2009-0497

BID: 32935, 32937, 32938, 32939, 32940, 32943, 32944, 32945

CWE: 22, 79

Secunia: 33452