Vulnerability Description
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Igniterealtime | Openfire | <= 3.6.3 |
Related Weaknesses (CWE)
References
- http://osvdb.org/54189
- http://secunia.com/advisories/34976Vendor Advisory
- http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.htmlPatch
- http://www.igniterealtime.org/community/message/190280ExploitPatchVendor Advisory
- http://www.igniterealtime.org/issues/browse/JM-1531ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/34804ExploitPatch
- http://www.vupen.com/english/advisories/2009/1237PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50292
- http://osvdb.org/54189
- http://secunia.com/advisories/34976Vendor Advisory
- http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.htmlPatch
- http://www.igniterealtime.org/community/message/190280ExploitPatchVendor Advisory
- http://www.igniterealtime.org/issues/browse/JM-1531ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/34804ExploitPatch
- http://www.vupen.com/english/advisories/2009/1237PatchVendor Advisory
FAQ
What is CVE-2009-1595?
CVE-2009-1595 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username...
How severe is CVE-2009-1595?
CVE-2009-1595 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1595?
Check the references section above for vendor advisories and patch information. Affected products include: Igniterealtime Openfire.