Arbitrary HTTP GET Request Vulnerability in Ignite Realtime Openfire

CVE-2019-18394 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
