CVE-2016-10027
https://notcve.org/view.php?id=CVE-2016-10027
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response. Condición de carrera en la librería XMPP en Smack en versiones anteriores a 4.1.9, cuando se ha establecido la configuración TLS SecurityMode.required, permite a atacantes man-in-the-middle eludir las protecciones TLS y desencadenar el uso de texto plano para la autenticación del cliente eliminando la función "starttls" de una respuesta del servidor. • http://www.openwall.com/lists/oss-security/2016/12/22/12 http://www.securityfocus.com/bid/95129 https://community.igniterealtime.org/blogs/ignite/2016/11/22/smack-security-advisory-2016-11-22 https://github.com/igniterealtime/Smack/commit/059ee99ba0d5ff7758829acf5a9aeede09ec820b https://github.com/igniterealtime/Smack/commit/a9d5cd4a611f47123f9561bc5a81a4555fe7cb04 https://issues.igniterealtime.org/projects/SMACK/issues/SMACK-739 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2015-7707 – Openfire 3.10.2 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-7707
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp. Ignite Realtime Openfire 3.10.2 permite a usuarios remotos autenticados obtener acceso de administrador a través del parametro isadmin en user-edit-form.jsp. Openfire version Openfire 3.10.2 suffers from a privilege escalation vulnerability. • https://www.exploit-db.com/exploits/38190 http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-PRIV-ESCALATION.txt http://packetstormsecurity.com/files/133559/Openfire-3.10.2-Privilege-Escalation.html https://igniterealtime.org/issues/browse/OF-941 https://security.gentoo.org/glsa/201612-50 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-6972 – Openfire 3.10.2 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-6972
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter to server-session-details.jsp; or the (4) search parameter to group-summary.jsp. Múltiples vulnerabilidades de XSS en Ignite Realtime Openfire 3.10.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) groupchatName en plugins/clientcontrol/create-bookmark.jsp; (2) urlName en plugins/clientcontrol/create-bookmark.jsp; (3) hostname en server-session-details.jsp o (4) search en group-summary.jsp. Openfire version 3.10.2 suffers from multiple persistent and reflective cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/38191 http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt http://packetstormsecurity.com/files/133558/Openfire-3.10.2-Cross-Site-Scripting.html https://security.gentoo.org/glsa/201612-50 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-6973 – Openfire 3.10.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-6973
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server settings or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp. Múltiples vulnerabilidades de CSRF en Ignite Realtime Openfire 3.10.2 permiten a atacantes remotos secuestrar la autenticación de administradores para peticiones que (1) cambian una contraseña a través de una petición manipulada a user-password.jsp, (2) añaden usuarios a tavés de una petición manipulada a user-create.jsp, (3) editan ajustes de servidor o (4) desactivan SSL en el servidor a través de una petición a server-props.jsp manipulada o (5) añaden clientes a través de una petición manipulada a plugins/clientcontrol/permitted-clients.jsp. Openfire version 3.10.2 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/38192 http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt http://packetstormsecurity.com/files/133554/Openfire-3.10.2-Cross-Site-Request-Forgery.html http://www.securityfocus.com/archive/1/536470/100/0/threaded https://security.gentoo.org/glsa/201612-50 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2014-3451
https://notcve.org/view.php?id=CVE-2014-3451
OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. OpenFire XMPP Server en versiones anteriores a la 3.10 acepta certificados autofirmados, lo que permite que atacantes remotos realicen ataques de spoofing sin especificar. • http://packetstormsecurity.com/files/131614/OpenFire-XMPP-3.9.3-Certificate-Handling.html http://www.openwall.com/lists/oss-security/2015/04/23/16 http://www.securityfocus.com/archive/1/535363/100/1100/threaded http://www.securityfocus.com/bid/74305 https://community.igniterealtime.org/blogs/ignite/2015/04/22/openfire-3100-released • CWE-295: Improper Certificate Validation •