Openfire < 3.3.1 Admin Console Privilege Escalation

Medium

Synopsis

The remote web server allows unauthenticated access to its administrative console.

Description

The remote host is running Openfire / Wildfire, an instant messaging server supporting the XMPP protocol.

The version of Openfire or Wildfire installed on the remote host allows unauthenticated access to a servlet, which could allow a malicious user to upload code to Openfire via its admin console.

Solution

Either firewall access to the admin console on this port or upgrade to Openfire version 3.3.1 or higher.