powered by Jive Software

Openfire / Red 5 using MyWebServer?

Hi there

Our security team has run vulnerability checks on a bunch of servers, one of which is our Red Hat 5.0 Openfire 3.5.2 server. Amongst other things, it has come up with the following -

**10.x.x.x / nvmp-openfire-01: 7070 **

MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later version.


**10.x.x.x / nvmp-openfire-01: 9090 **

MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later version.

I’m not familiar with MyWebServer - does anyone know whether Openfire uses this application? I’ve never come across it before. We are using Red5 0.0.27 and we do have HTTP binding enabled on Openfire. If it is used in the back end somewhere, can it be upgraded independently of Openfire?

Thanks, Nick