lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 25 Mar 2016 15:57:27 +0600
From: Maxim Solodovnik <solomax@...che.org>
To: Openmeetings user-list <user@...nmeetings.apache.org>,
  dev <dev@...nmeetings.apache.org>, security@...nmeetings.apache.org,
  security@...che.org, oss-security@...ts.openwall.com,
  bugtraq@...urityfocus.com
Subject: [CVE-2016-2164] Arbitrary file read via SOAP API

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7

Description:
When attempting to upload a file via the API using the
importFileByInternalUserId
or importFile methods in the FileService, it is possible to read arbitrary
files from the system. This is due to that Java's URL class is used without
checking what protocol handler is specified in the API call.

All users are recommended to upgrade to Apache OpenMeetings 3.1.1

Credit: This issue was identified by Andreas Lindh


Apache OpenMeetings Team

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ