cpe:/a:igniterealtime:openfire:3.6.2 CVE-2009-0497 2009-02-09T20:30:00.407-05:00 2017-08-07T21:33:57.750-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-02-10T11:08:00.000-05:00 BUGTRAQ 20090108 CORE-2008-1128: Openfire multiple vulnerabilities BID 32945 SECUNIA 33452 MISC http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp MISC http://www.coresecurity.com/content/openfire-multiple-vulnerabilities MISC https://bugs.gentoo.org/show_bug.cgi?id=257585 XF openfire-log-directory-traversal(47806) Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.