Arch Linux Security Advisory ASA-201612-21
==========================================

Severity: High
Date    : 2016-12-23
CVE-ID  : CVE-2015-6972 CVE-2015-6973 CVE-2015-7707
Package : openfire
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-15

Summary
=======

The package openfire before version 4.1.0-1 is vulnerable to multiple
issues including privilege escalation, cross-site request forgery and
cross-site scripting.

Resolution
==========

Upgrade to 4.1.0-1.

# pacman -Syu "openfire>=4.1.0-1"

The problems have been fixed upstream in version 4.1.0.

Workaround
==========

None.

Description
===========

- CVE-2015-6972 (cross-site scripting)

Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime
Openfire 3.10.2 allow remote attackers to inject arbitrary web script or
HTML via the (1) groupchatName parameter to
plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to
plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter to
server-session-details.jsp; or the (4) search parameter to
group-summary.jsp.

- CVE-2015-6973 (cross-site request forgery)

Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite
Realtime Openfire 3.10.2 allow remote attackers to hijack the
authentication of administrators for requests that (1) change a password
via a crafted request to user-password.jsp, (2) add users via a crafted
request to user-create.jsp, (3) edit server settings or (4) disable SSL
on the server via a crafted request to server-props.jsp, or (5) add
clients via a crafted request to
plugins/clientcontrol/permitted-clients.jsp.

- CVE-2015-7707 (privilege escalation)

Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain
administrator access via the isadmin parameter to user-edit-form.jsp.

Impact
======

A remote authenticated user is able to escalate privileges to
administrator. A remote attacker is able to perform cross-site request
forgery against an administrator of the admin console and cross-site
scripting against its users.
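All three issues are tied to specific admin-console pages and parameters, which makes them easy to look for in logs while an upgrade is rolled out. The following script is an added example, not part of this advisory or of the Openfire project. It triages access-log lines for the paths and parameters the advisory names. It assumes a combined-format access log for the admin console, an assumed console host of xmpp.example.org:9090, and constructed sample lines in which request parameters appear in the logged URL; where a parameter travels in a POST body, a proxy or WAF log that records request bodies is needed instead, and a missing Referer is only a weak CSRF signal since some clients strip it.

```python
# Added example: log triage for the Openfire issues in ASA-201612-21.
# Not Openfire code. Log format, host name and sample lines are assumptions.
import re
from urllib.parse import urlsplit, parse_qs

ADMIN_HOST = "xmpp.example.org:9090"   # assumed admin-console host:port

# Pages and parameters named in the advisory, keyed by CVE.
XSS_PARAMS = {                          # CVE-2015-6972
    "/plugins/clientcontrol/create-bookmark.jsp": {"groupchatName", "urlName"},
    "/server-session-details.jsp": {"hostname"},
    "/group-summary.jsp": {"search"},
}
CSRF_PATHS = {                          # CVE-2015-6973
    "/user-password.jsp",
    "/user-create.jsp",
    "/server-props.jsp",
    "/plugins/clientcontrol/permitted-clients.jsp",
}
PRIVESC_PATH = "/user-edit-form.jsp"    # CVE-2015-7707, parameter isadmin

# Apache/nginx "combined" log format (assumed for the console front end).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Rough marker of markup or script injected into a query value.
XSS_MARK = re.compile(r"<|javascript:|onerror=", re.I)


def triage(line):
    """Return a list of (cve, reason) findings for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return [("parse-error", "unrecognised log line")]
    findings = []
    url = urlsplit(m["target"])
    path, qs = url.path, parse_qs(url.query, keep_blank_values=True)
    method = m["method"]

    # CVE-2015-6972: markup in one of the listed reflected parameters.
    for param in XSS_PARAMS.get(path, ()):
        for value in qs.get(param, []):
            if XSS_MARK.search(value):
                findings.append(("CVE-2015-6972", f"{param}={value!r} on {path}"))

    # CVE-2015-6973: a state-changing request to a listed page whose Referer
    # is absent or points off the console. A form submitted from the console
    # itself carries the console's own URL as Referer.
    if path in CSRF_PATHS and (method == "POST" or qs):
        ref_host = urlsplit(m["referer"]).netloc
        if ref_host != ADMIN_HOST:
            findings.append(("CVE-2015-6973", f"{method} {path} referer={m['referer']!r}"))

    # CVE-2015-7707: isadmin supplied to user-edit-form.jsp; review who sent it.
    if path == PRIVESC_PATH and "isadmin" in qs:
        findings.append(("CVE-2015-7707", f"isadmin={qs['isadmin']} by user {m['user']}"))
    return findings


def scan(lines):
    """Count findings per CVE across a whole log."""
    counts = {}
    for line in lines:
        for cve, _ in triage(line):
            counts[cve] = counts.get(cve, 0) + 1
    return counts


# Constructed sample log: one benign line, one hit per CVE, one legitimate
# password change from inside the console.
SAMPLE_LOG = [
    '10.0.0.5 - admin [23/Dec/2016:10:00:01 +0000] "GET /group-summary.jsp?search=staff HTTP/1.1" 200 5120 "http://xmpp.example.org:9090/index.jsp" "Mozilla/5.0"',
    '203.0.113.7 - - [23/Dec/2016:10:01:13 +0000] "GET /group-summary.jsp?search=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5140 "-" "Mozilla/5.0"',
    '10.0.0.9 - admin [23/Dec/2016:10:02:40 +0000] "POST /user-password.jsp HTTP/1.1" 302 0 "http://evil.example.net/bait.html" "Mozilla/5.0"',
    '10.0.0.5 - admin [23/Dec/2016:10:03:02 +0000] "POST /user-password.jsp HTTP/1.1" 302 0 "http://xmpp.example.org:9090/user-password.jsp?username=bob" "Mozilla/5.0"',
    '10.0.0.22 - bob [23/Dec/2016:10:04:55 +0000] "POST /user-edit-form.jsp?username=bob&isadmin=true HTTP/1.1" 302 0 "http://xmpp.example.org:9090/user-edit-form.jsp?username=bob" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for cve, reason in triage(line):
            print(cve, reason)
    print(scan(SAMPLE_LOG))
```

The Referer comparison is deliberately strict (exact host:port match), so a console reached through a different host name than ADMIN_HOST will produce false positives; adjust the constant per deployment rather than loosening the check.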
References
==========

http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt
https://igniterealtime.org/issues/browse/OF-942
http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt
http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-PRIV-ESCALATION.txt
https://issues.igniterealtime.org/browse/OF-941
https://security.archlinux.org/CVE-2015-6972
https://security.archlinux.org/CVE-2015-6973
https://security.archlinux.org/CVE-2015-7707