
exploitDog


CVE-2007-2975

Published: 01 Jun 2007
Source: nvd
CVSS2: 7.5
EPSS: Low

Description

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:ignite_realtime:openfire:*:*:*:*:*:*:*:*
Versions up to and including 3.3.0
cpe:2.3:a:ignite_realtime:openfire:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ignite_realtime:openfire:3.2.4:*:*:*:*:*:*:*

EPSS

Percentile: 86%
0.0279
Low

7.5 High

CVSS2

Weaknesses

CWE-264

Related vulnerabilities

github
almost 4 years ago

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader.

EPSS

Percentile: 86%
0.0279
Low

7.5 High

CVSS2

Weaknesses

CWE-264