Vulnerability Details : CVE-2008-1728
ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages.
Vulnerability category: Denial of service
Products affected by CVE-2008-1728
- cpe:2.3:a:ignite_realtime:openfire:3.4.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1728
1.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-1728
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2008-1728
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1728
-
http://security.gentoo.org/glsa/glsa-200804-26.xml
Openfire: Denial of service (GLSA 200804-26) — Gentoo security
-
http://www.openwall.com/lists/oss-security/2008/04/10/7
oss-security - CVE request: openfire <3.5.0 Denial of Service
-
http://www.igniterealtime.org/fisheye/changelog/svn-org?cs=10031
404 Error - Page Not Found
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/41744
Openfire ConnectionManagerImpl.java denial of service CVE-2008-1728 Vulnerability Report
-
http://www.securityfocus.com/bid/28722
-
http://www.igniterealtime.org/issues/browse/JM-1289
Vendor Advisory
-
http://www.vupen.com/english/advisories/2008/1188/references
-
http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html
Openfire Changelog
Jump to