CyberSec.Space Logo
Back to CVE Browser

CVE-2019-18394

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0190%
EPSS Percentile39.56th
PublishedOct 24, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.

Affected Platforms (CPE)

πŸ“¦
Igniterealtime

Openfire

<= 4.4.2

References & Advisories

πŸ”— https://github.com/igniterealtime/Openfire/pull/1497
πŸ”— https://swarm.ptsecurity.com/openfire-admin-console/
πŸ”— https://github.com/igniterealtime/Openfire/pull/1497
πŸ”— https://swarm.ptsecurity.com/openfire-admin-console/

Related Vulnerabilities

CVE-2017-28158.1

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web requ...

CVE-2014-27417.8

nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML...

CVE-2008-65097.5

SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrar...

CVE-2007-29757.5

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in ...