PT-2019-5531 · Ignite Realtime · Openfire

Alexandr Shvetsov

Publicado

2019-10-03

Atualizado

2024-07-12

CVE-2019-18394

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Openfire versions through 4.4.2

Description A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java allows attackers to send arbitrary HTTP GET requests. The issue is related to insufficient validation of incoming requests, which can be exploited by a remote attacker.

Recommendations For versions through 4.4.2, update to version 4.5.0-beta or later to resolve the issue. As a temporary workaround, consider restricting access to the FaviconServlet.java function to minimize the risk of exploitation.

Correção

SSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-918

Identificadores relacionados

BDU:2020-03818

CVE-2019-18394

GHSA-MFJW-X4Q4-69P9

Produtos afetados

Openfire

PT-2019-5531 · Ignite Realtime · Openfire

CVE-2019-18394

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14