Loading
Generated remediation guidance and an executive summary. No account required.
Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequence in a URI.
Use CWE-22, Igniterealtime vendor hub and Openfire product page to widen CVE-2008-6508 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2023-32315, CVE-2024-25421 and CVE-2021-45967 for nearby disclosures in the same product family.