Vulnerability Description
Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequence in a URI.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Igniterealtime | Openfire | <= 3.6.0a |
Related Weaknesses (CWE)
References
- http://osvdb.org/49663Exploit
- http://secunia.com/advisories/32478
- http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txtExploit
- http://www.andreas-kurtz.de/archives/63
- http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.htmlPatchVendor Advisory
- http://www.igniterealtime.org/issues/browse/JM-1489PatchVendor Advisory
- http://www.securityfocus.com/archive/1/498162/100/0/threaded
- http://www.securityfocus.com/bid/32189Exploit
- http://www.vupen.com/english/advisories/2008/3061Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46488
- https://www.exploit-db.com/exploits/7075
- http://osvdb.org/49663Exploit
- http://secunia.com/advisories/32478
- http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txtExploit
- http://www.andreas-kurtz.de/archives/63
FAQ
What is CVE-2008-6508?
CVE-2008-6508 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (...
How severe is CVE-2008-6508?
CVE-2008-6508 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6508?
Check the references section above for vendor advisories and patch information. Affected products include: Igniterealtime Openfire.