CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-18394

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0190%
EPSS Percentile39.56th
Published2019年10月24日
Last Modified2024年11月21日

Vulnerability Description

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.

Affected Platforms (CPE)

📦
Igniterealtime

Openfire

<= 4.4.2

References & Advisories

🔗 https://github.com/igniterealtime/Openfire/pull/1497
🔗 https://swarm.ptsecurity.com/openfire-admin-console/
🔗 https://github.com/igniterealtime/Openfire/pull/1497
🔗 https://swarm.ptsecurity.com/openfire-admin-console/

関連する脆弱性情報

CVE-2017-28158.1

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web requ...

CVE-2014-27417.8

nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML...

CVE-2008-65097.5

SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrar...

CVE-2007-29757.5

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in ...