CVE-2008-1728

ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages.

Published Bycve@mitre.org

Published DateApr 11, 2008, 19:05

Affected Versions(2)

org.igniterealtime.openfire:parent(Maven)

Introduced0

Fixed3.5.0

LimitN/A

org.igniterealtime.openfire:openfire(Maven)

Introduced0

Fixed3.5.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.igniterealtime.openfire:parent(Maven)	0	3.5.0	N/A
org.igniterealtime.openfire:openfire(Maven)	0	3.5.0	N/A

Weakness Type (CWE):CWE-399

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:S/C:N/I:N/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

PARTIAL

References

Weakness Type (CWE):CWE-399

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:S/C:N/I:N/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

PARTIAL