Lucene search
PRIOn knowledge basePRION:CVE-2009-1595HistoryMay 11, 2009 - 2:30 p.m.
Design/Logic Flaw
2009-05-1114:30:00
PRIOn knowledge base
www.prio-n.com
4
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.
References
osvdb.org/54189
secunia.com/advisories/34976
www.igniterealtime.org/builds/openfire/docs/latest/changelog.html
www.igniterealtime.org/community/message/190280
www.igniterealtime.org/issues/browse/JM-1531
www.securityfocus.com/bid/34804
www.vupen.com/english/advisories/2009/1237
exchange.xforce.ibmcloud.com/vulnerabilities/50292
Related
osv
osv
github
github
nvd
nvd
CVE-2009-1595
2009-05-11 14:30:00
nessus
nessus
Openfire < 3.6.4 jabber:iq:auth Crafted password_change Request Password Manipulation
2009-05-05 00:00:00
GLSA-201406-35 : Openfire: Multiple vulnerabilities
2014-07-01 00:00:00
cve
cve
CVE-2009-1595
2009-05-11 14:30:00
cvelist
cvelist
CVE-2009-1595
2009-05-11 14:02:00
openvas
openvas
Openfire < 3.6.5 Security Bypass Vulnerabilities
2009-05-18 00:00:00
Openfire Security Bypass Vulnerabilities
2009-05-18 00:00:00
Gentoo Security Advisory GLSA 201406-35
2015-09-29 00:00:00
gentoo
gentoo
Openfire: Multiple vulnerabilities
2014-06-30 00:00:00
freebsd
freebsd
openfire -- multiple vulnerabilities
2008-11-07 00:00:00