Openfire 3.6.2 - 'log.jsp' Directory Traversal
| EKU-ID: 37581 | CVE: CVE-2009-0497;OSVDB-51426 | OSVDB-ID: |
| Author: Federico Muttis | Published: 2009-01-08 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 37581 | CVE: CVE-2009-0497;OSVDB-51426 | OSVDB-ID: |
| Author: Federico Muttis | Published: 2009-01-08 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/32945/info Openfire is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. Openfire 3.6.2 is vulnerable; prior versions may also be affected. http://www.example.com/log.jsp?log=..\..\..\windows\debug\netsetup