Unrated severityNVD Advisory· Published Feb 10, 2009· Updated Apr 23, 2026
CVE-2009-0497
CVE-2009-0497
Description
Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.
Affected products
1- cpe:2.3:a:igniterealtime:openfire:3.6.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jspnvdExploit
- secunia.com/advisories/33452nvdVendor Advisory
- www.coresecurity.com/content/openfire-multiple-vulnerabilitiesnvd
- www.securityfocus.com/archive/1/499880/100/0/threadednvd
- www.securityfocus.com/bid/32945nvd
- bugs.gentoo.org/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/47806nvd
News mentions
0No linked articles in our index yet.