7.5

CVE-2007-2975

EPSS 2.79%
Veröffentlicht 01.06.2007 01:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ignite Realtime ≫ Openfire Version <= 3.3.0

Ignite Realtime ≫ Openfire Version2.6.0

Ignite Realtime ≫ Openfire Version2.6.1

Ignite Realtime ≫ Openfire Version2.6.2

Ignite Realtime ≫ Openfire Version3.0.0

Ignite Realtime ≫ Openfire Version3.0.1

Ignite Realtime ≫ Openfire Version3.1.0

Ignite Realtime ≫ Openfire Version3.1.1

Ignite Realtime ≫ Openfire Version3.2.0

Ignite Realtime ≫ Openfire Version3.2.1

Ignite Realtime ≫ Openfire Version3.2.2

Ignite Realtime ≫ Openfire Version3.2.3

Ignite Realtime ≫ Openfire Version3.2.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.79%	0.857

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://blogs.reucon.com/srt/2007/05/11/openfire_3_3_1_fixes_critical_security_issue.html

http://secunia.com/advisories/25427

Vendor Advisory

http://www.igniterealtime.org/issues/browse/JM-1049

Patch

Vendor Advisory

http://www.osvdb.org/36713

http://www.securityfocus.com/bid/24205

Patch

https://nvd.nist.gov/vuln/detail/CVE-2007-2975

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2975

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2975

EUVD