powered by Jive Software

Openfire 3.6.4 vulnerabilities

hi,

Following URL’s can be opened anonymously , without any authentication. How to fix this. Please repond. its quite urgent.

http://xxxxxxxxxxx:9090/images/

http://xxxxxxxxxxxxxx:9090/style/

http://xxxxxxxxxxxxxxx:9090/js/

and where is the vulnerability?

If you don’t want users to access those files use a firewall to block access to port 9090.

Hi,

directory indexing is something I usually turn of for production servers. I think one should fix this within Openfire.

Using a reverse proxy like Apache in front of Openfire allows one to block access to /images/$ if needed.

LG