NVD

Id
48864  
Name
CVE-2009-1595  
Description
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-07  
Published
2009-05-11  
Modified Date
2009-05-11  
Seq
2009-1595  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
246933 48864 CVE-2009-1595 http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html  View
246934 48864 CVE-2009-1595 http://www.igniterealtime.org/community/message/190280  View
246935 48864 CVE-2009-1595 http://www.igniterealtime.org/issues/browse/JM-1531  View
246936 48864 CVE-2009-1595 34804  View
246937 48864 CVE-2009-1595 ADV-2009-1237  View
246938 48864 CVE-2009-1595 openfire-jabberiqauth-security-bypass(50292)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
43640 JVNDB-2009-004647 Ignite Realtime Openfire の IQAuthHandler.java におけるパスワードを変更される脆弱性 Ignite Realtime Openfire の IQAuthHandler.java の jabber:iq:auth 実装には、任意のアカウントのパスワードを変更される脆弱性が存在します。 CVE-2009-1595 39026 CVE-2009-1595 48864 4 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-004647.html 2009-04-11 2012-09-25 View