Openfire < 3.5.0 Queue Handling Remote DoS

Low severity, Nessus Network Monitor Plugin ID 4463

Synopsis

The remote host contains an application that is prone to a denial of service attack.

Description

The remote host is running Openfire / Wildfire, an instant messaging server that supports the XMPP protocol. According to its version, the installation of Openfire or Wildfire on the remote host suffers from an unspecified denial of service vulnerability that could bring the server down.

Solution

Upgrade to version 3.5.0 or higher.

See Also

http://www.openwall.com/lists/oss-security/2008/04/10/7

http://www.igniterealtime.org/issues/browse/JM-1289

Plugin Details

Severity: Low

ID: 4463

Family: CGI

Published: 4/14/2008

Updated: 3/6/2019

Nessus ID: 31855

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ignite_realtime:openfire

Reference Information

CVE: CVE-2008-1728

BID: 28722