CVE-2009-1595

Опубликовано: 11 мая 2009

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.

Ссылки

http://osvdb.org/54189
http://secunia.com/advisories/34976
Vendor Advisory
http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html
Patch
http://www.igniterealtime.org/community/message/190280
Exploit
Patch
Vendor Advisory
http://www.igniterealtime.org/issues/browse/JM-1531
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/bid/34804
Exploit
Patch
http://www.vupen.com/english/advisories/2009/1237
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/50292
http://osvdb.org/54189
http://secunia.com/advisories/34976
Vendor Advisory
http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html
Patch
http://www.igniterealtime.org/community/message/190280
Exploit
Patch
Vendor Advisory
http://www.igniterealtime.org/issues/browse/JM-1531
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/bid/34804
Exploit
Patch
http://www.vupen.com/english/advisories/2009/1237
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/50292

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:*

Версия до 3.6.3 (включая)

cpe:2.3:a:igniterealtime:openfire:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.2.0:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.3.0:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.3.3:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.4.0:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.4.1:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.4.2:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.4.3:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.4.4:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.4.5:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.5.0:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.5.2:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.6.0:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.6.0a:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:igniterealtime:openfire:3.6.2:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.07857

Низкий

4 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-r62w-x9pp-jrqp

github

почти 4 года назад

Ignite Realtime Openfire Allows Users to Change Passwords of Arbitrary Accounts