PT-2007-4272 · Ignite Realtime · Ignite Realtime Openfire

Published: 2007-06-01 · Updated: 2008-09-10 · CVE-2007-2975

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Ignite Realtime Openfire versions 3.3.0 and earlier

Description

The issue is related to the admin console in Ignite Realtime Openfire, where a filter mapping in web.xml is not properly specified. This allows remote attackers to gain privileges and execute arbitrary code by accessing functionality exposed through DWR.

Recommendations

For versions 3.3.0 and earlier, consider restricting access to the admin console and DWR functionality until a proper fix is applied. As a temporary workaround, disabling DWR or limiting its exposure can help minimize the risk of exploitation.

Related Identifiers

CVE-2007-2975

Affected Products

Ignite Realtime Openfire