Vulnerability
Openfire, a Jabber portal assisted by Ignite Realtime. It is a Java application that works through many platforms. It is a network for small companies that allows them to monitor private communications and make immediate messaging more convenient. Versions of the Openfire Admin Console prior to 4.4.3 are subject to a full read SSRF flaw in the FaviconServlet. Unauthenticated attackers can exploit this flaw by sending arbitrary HTTP GET requests to the corporate network and obtaining full-sized outputs from the intended web services.
Mitigation / Precaution
- Update Openfire to the most recent patch (This problem was resolved in version 4.4.3).
Written by
Summarize:
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 14 days
