Apache OpenMeeting Information Leak Vulnerability (CVE-2016-2164)

Apache OpenMeeting Information Leak Vulnerability (CVE-2016-2164)
Apache OpenMeeting Information Leak Vulnerability (CVE-2016-2164)

Release date:
Updated on:

Affected Systems:

Apache Group OpenMeetings <3.1.1

Description:

CVE (CAN) ID: CVE-2016-2164

Apache OpenMeetings is an audio and video conferencing software.

In Apache OpenMeetings versions earlier than 3.1.1, the protocol handler specified in the API call is not checked during file upload. the Java URL class is incorrectly used, and remote attackers use FileService. importFileByInternalUserId and FileService. the importFile soap api method can read arbitrary files in the system.

<* Source: Apache
*>

Suggestion:

Vendor patch:

Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG

Install OpenMeetings on a Linux/Unix system. Free video conference graphic tutorial

OpenMeetings Installation

OpenMeetings installation for Open-Source Video Conferencing Systems in Linux

Tutorial on building an OpenMeetings1.9 Video Conferencing System in Windows

For details about OpenMeetings, click here
OpenMeetings: click here

This article permanently updates the link address: