Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequence in a URI.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-03-23T19:26:00
Updated: 2018-10-11T19:57:01
Reserved: 2009-03-23T00:00:00
Link: CVE-2008-6508
JSON object: View
NVD Information
Status : Modified
Published: 2009-03-23T20:00:00.203
Modified: 2018-10-11T20:57:18.733
Link: CVE-2008-6508
JSON object: View
Redhat Information
No data.
CWE