Intrusion Prevention

Jive.Openfire.Server.SQL.Injection

Description

This indicates an attack attempt against an SQL-injection vulnerability in Openfire.
The vulnerability is caused by an error when the vulnerable software handles sipark-log-summary.jsp. It allows a remote attacker to perform SQL injection via sending a crafted web page.

Affected Products

Ignite Realtime Openfire 3.6.0a

Impact

System Compromise: Remote attackers can inject SQL codes.

Recommended Actions

Refer to the vendor's web site for the suggested workaround.

CVE References

CVE-2008-6509