CVE-2008-6508

NONECVSS 0.0

0.0

Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequence in a URI.

🔗 References (22)

cve@mitrehttp://osvdb.org/49663
cve@mitrehttp://secunia.com/advisories/32478
cve@mitrehttp://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt
cve@mitrehttp://www.andreas-kurtz.de/archives/63
cve@mitrehttp://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html
cve@mitrehttp://www.igniterealtime.org/issues/browse/JM-1489
cve@mitrehttp://www.securityfocus.com/archive/1/498162/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/32189
cve@mitrehttp://www.vupen.com/english/advisories/2008/3061
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/46488
cve@mitrehttps://www.exploit-db.com/exploits/7075
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/49663
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32478
af854a3a-2127-422b-91ae-364da2661108http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt
af854a3a-2127-422b-91ae-364da2661108http://www.andreas-kurtz.de/archives/63

Is Your Infrastructure Affected by CVE-2008-6508?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-6508

📅 Published

🔄 Last Modified

🔗 References (22)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-6508?