This Metasploit module exploits an authentication bypass vulnerability in the administration console of Openfire servers. Using this vulnerability, it is possible to upload and execute a malicious Openfire plugin on the server and thereby execute arbitrary Java code. This Metasploit module has been tested against Openfire 3.6.0a. The uploaded plugin can be removed after execution; however, this might leave the server in an unstable state, making re-exploitation difficult. You might want to do this manually.
f96c770e59d9d05308428a0fe45cb31107b3064402edcf2653bd604b617ffe44
Gentoo Linux Security Advisory GLSA 200904-01 - Multiple vulnerabilities were discovered in Openfire, the worst of which may allow remote execution of arbitrary code. Versions less than 3.6.3 are affected.
f380d0bfe92436732548477d1098f7a56b2edb3e20c897bdd1bca009cfce64ea