Ignite Realtime · Openfire · CVE-2009-0497
**Name of the Vulnerable Software and Affected Versions**
Openfire version 3.6.2
**Description**
A directory traversal issue exists in log.jsp, allowing remote attackers to read arbitrary files by providing a .. (dot dot backslash) in the `log` parameter.
**Recommendations**
For Openfire version 3.6.2, update to a version that fixes this issue, as using a .. (dot dot backslash) in the `log` parameter of the log.jsp file can allow remote attackers to read arbitrary files.