CVE-2008-1728 — Ignite Realtime Openfire allows remote authenticated users to cause a denial of

Description

ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages.

How to fix CVE-2008-1728

To remediate CVE-2008-1728, upgrade the affected package to a fixed version below.

Maven/org.igniterealtime.openfire:openfire—upgrade to 3.5.0 or later
Maven/org.igniterealtime.openfire:parent—upgrade to 3.5.0 or later

Is CVE-2008-1728 being exploited?

Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 3.5.0
from 0, < 3.5.0

References (12)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2008-1728
PATCHgithub.com/igniterealtime/Openfire
WEBsecurity.gentoo.org/glsa/glsa-200804-26.xml
WEBexchange.xforce.ibmcloud.com/vulnerabilities/41744
WEB