Openfire SSRF (CVE-2019-18394)

critical Nessus Plugin ID 202697

Synopsis

The web application running on the remote web server is affected by a server side request forgery vulnerability.

Description

The version of Openfire installed on the remote host is prior to 4.4.3. It is, therefore, affected by a server side request forgery vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Metabase version 4.4.3 or later

See Also

http://www.nessus.org/u?f8390826

https://igniterealtime.atlassian.net/browse/OF-1885

Plugin Details

Severity: Critical

ID: 202697

File Name: openfire_CVE-2019-18394.nasl

Version: 1.3

Type: remote

Family: CGI abuses

Published: 7/19/2024

Updated: 11/1/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-18394

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:igniterealtime:openfire

Required KB Items: installed_sw/Openfire

Exploit Ease: No known exploits are available

Patch Publication Date: 10/24/2019

Vulnerability Publication Date: 10/24/2019

Reference Information

CVE: CVE-2019-18394

IAVB: 2024-B-0090