
Openfire < 3.3.1 Admin Console Privilege Escalation

Severity: Medium

Synopsis

The remote web server allows unauthenticated access to its administrative console.

Description

The remote host is running Openfire / Wildfire, an instant messaging server supporting the XMPP protocol.

The version of Openfire or Wildfire installed on the remote host allows unauthenticated access to a servlet, which could allow a malicious user to upload code to Openfire via its admin console.

Solution

Either firewall access to the admin console on this port or upgrade to Openfire version 3.3.1 or higher.