Openfire < 3.5.0 ConnectionManagerImpl.java Queue Handling Remote DoS
High Nessus Plugin ID 31855
SynopsisThe remote host contains an application that is prone to a denial of service attack.
DescriptionThe remote host is running Openfire / Wildfire, an instant messaging server supporting the XMPP protocol.
According to its version, the installation of Openfire or Wildfire on the remote host suffers from a denial of service vulnerability that could bring the server down because it has no limit on a client session's send buffer and can not handle clients that fail to read messages.
SolutionUpgrade to Openfire version 3.5.0 or later.