oss-sec mailing list archives

Re: CVE request: openfire <3.5.0 Denial of Service

From: "Steven M. Christey" <coley () linus mitre org>
Date: Sat, 12 Apr 2008 15:20:57 -0400 (EDT)


======================================================
Name: CVE-2008-1728
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1728
Reference: MISC:http://www.igniterealtime.org/fisheye/changelog/svn-org?cs=10031
Reference: URL:http://www.openwall.com/lists/oss-security/2008/04/10/7
Reference: CONFIRM:http://www.igniterealtime.org/issues/browse/JM-1289
Reference: MLIST:[oss-security] 20080411 CVE request: openfire <3.5.0
Reference: SECUNIA:29751
Reference: URL:http://secunia.com/advisories/29751

ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows
remote attackers to cause a denial of service (daemon outage) by
triggering large outgoing queues without reading messages.

Current thread:

CVE request: openfire <3.5.0 Denial of Service Robert Buchholz (Apr 10)
- Re: CVE request: openfire <3.5.0 Denial of Service Steven M. Christey (Apr 12)