CVE-2007-2975
Last modified
CVE-2007-2975 is a vulnerability of currently unknown severity. The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader.. EPSS estimates a 2.54% chance of exploitation in the next 30 days.
Description
The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ignite Realtime | Openfire | <= 3.3.0 |
| Ignite Realtime | Openfire | 2.6.0 |
| Ignite Realtime | Openfire | 2.6.1 |
| Ignite Realtime | Openfire | 2.6.2 |
| Ignite Realtime | Openfire | 3.0.0 |
| Ignite Realtime | Openfire | 3.0.1 |
| Ignite Realtime | Openfire | 3.1.0 |
| Ignite Realtime | Openfire | 3.1.1 |
| Ignite Realtime | Openfire | 3.2.0 |
| Ignite Realtime | Openfire | 3.2.1 |
| Ignite Realtime | Openfire | 3.2.2 |
| Ignite Realtime | Openfire | 3.2.3 |
| Ignite Realtime | Openfire | 3.2.4 |
References
- http://secunia.com/advisories/25427Vendor Advisory
- http://www.igniterealtime.org/issues/browse/JM-1049Patch, Vendor Advisory
- http://secunia.com/advisories/25427Vendor Advisory
- http://www.igniterealtime.org/issues/browse/JM-1049Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-2975?
How severe is CVE-2007-2975?
How do I fix CVE-2007-2975?
Are you affected by CVE-2007-2975?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST