Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200804-26
HistoryApr 23, 2008 - 12:00 a.m.

Openfire: Denial of service

2008-04-2300:00:00
Gentoo Foundation
security.gentoo.org
11

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

85.5%

JSON

Background

Openfire (formerly Wildfire) is a Java implementation of a complete Jabber server.

Description

Openfire’s connection manager in the file ConnectionManagerImpl.java cannot handle clients that fail to read messages, and has no limit on their session’s send buffer.

Impact

Remote authenticated attackers could trigger large outgoing queues without reading messages, causing a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All Openfire users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-im/openfire-3.5.0"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-im/openfire< 3.5.0UNKNOWN

Related

nessus 4
openvas 6
securityvulns 2
github 1
freebsd 2
cvelist 1
cve 1
osv 1
nvd 1
prion 1
nessus
nessus
FreeBSD : openfire -- unspecified denial of service (b84a992a-12ab-11dd-bab7-0016179b2dd5)
2008-04-28 00:00:00
Openfire < 3.5.0 ConnectionManagerImpl.java Queue Handling Remote DoS
2008-04-11 00:00:00
GLSA-200804-26 : Openfire: Denial of Service
2008-04-25 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200804-26 (openfire)
2008-09-24 00:00:00
FreeBSD Ports: openfire
2008-09-04 00:00:00
FreeBSD Ports: openfire
2008-09-04 00:00:00
securityvulns
securityvulns
OpenFire jabber server DoS
2008-04-24 00:00:00
[ GLSA 200804-26 ] Openfire: Denial of Service
2008-04-24 00:00:00
github
github
Ignite Realtime Openfire allows remote authenticated users to cause a denial of service
2022-05-01 23:42:48
freebsd
freebsd
openfire -- unspecified denial of service
2008-04-10 00:00:00
openfire -- multiple vulnerabilities
2008-11-07 00:00:00
cvelist
cvelist
CVE-2008-1728
2008-04-11 19:00:00
cve
cve
CVE-2008-1728
2008-04-11 19:05:00
osv
osv
Ignite Realtime Openfire allows remote authenticated users to cause a denial of service
2022-05-01 23:42:48
nvd
nvd
CVE-2008-1728
2008-04-11 19:05:00
prion
prion
Design/Logic Flaw
2008-04-11 19:05:00

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

85.5%

JSON
Related for GLSA-200804-26
nessus4openvas6securityvulns2github1freebsd2cvelist1cve1osv1nvd1prion1