CVE-2019-18393
published 2019-10-24CVE-2019-18393: PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a…
PriorityP278medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
13.94%
96.1th percentile
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| igniterealtime | openfire | <= 4.4.2 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →A successful exploitation response body will contain Openfire configuration strings such as 'org.jivesoftware.database.EmbeddedConnectionProvider' and 'Most properties are stored in the Openfire database', indicating openfire.xml was read. ↗
- →Shodan/FOFA fingerprinting: target hosts with HTTP title 'openfire admin console' or 'openfire' are likely candidates for this vulnerability. ↗
- ·The vulnerability is exploitable without authentication (PR:N, UI:N per CVSS), meaning no session or login token is required to trigger the directory traversal. ↗
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Ignite Realtime Openfire directory traversal vulnerability
ghsa·2022-05-24
CVE-2019-18393 [MEDIUM] CWE-22 Ignite Realtime Openfire directory traversal vulnerability
Ignite Realtime Openfire directory traversal vulnerability
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. Version 4.5.0-beta contains a fix for the issue.
OSV
Ignite Realtime Openfire directory traversal vulnerability
osv·2022-05-24
CVE-2019-18393 [MEDIUM] Ignite Realtime Openfire directory traversal vulnerability
Ignite Realtime Openfire directory traversal vulnerability
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. Version 4.5.0-beta contains a fix for the issue.
VulnCheck
Ignite Realtime Openfire Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2019·CVSS 5.3
CVE-2019-18393 [MEDIUM] Ignite Realtime Openfire Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Ignite Realtime Openfire Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
Affected: Ignite Realtime Openfire
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-04-08&host_type=src&vulnerability=cve-2019-18393; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-04-11&host_type=src&vulnerability=cve-2019-18393; https://dashboard.shadow
No detection rules found.
Nuclei
Ignite Realtime Openfire <4.42 - Local File Inclusion
nuclei·CVSS 5.3
CVE-2019-18393 [MEDIUM] Ignite Realtime Openfire <4.42 - Local File Inclusion
Ignite Realtime Openfire <4.42 - Local File Inclusion
Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory.
Template:
id: CVE-2019-18393
info:
name: Ignite Realtime Openfire <4.42 - Local File Inclusion
author: pikpikcu
severity: medium
description: Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and potential compromise of the affected system.
remediation: |
Upgrade Ignite Realtime
2019-10-24
Published
Exploited in the wild