Apache OpenMeetings ZIP file path traversal vulnerability (CVE-2016-0784)
Release date:
Updated on:
Affected Systems:
Apache Group OpenMeetings 1.9.x - 3.1.0
Unaffected system:
Apache Group OpenMeetings 3.1.1
Description:
CVE (CAN) ID: CVE-2016-0784
Apache OpenMeetings is a solution for audio and video conferencing.
In Apache OpenMeetings 1.9.x through 3.1.0, the Import/Export System Backups function has a path traversal vulnerability. Uploading a ZIP archive that contains a specially crafted file name can overwrite files in some directories, after which a shell script can be executed.
<* Source: Andreas Lindh
Link: http://openmeetings.apache.org/security.html
*>
Suggestion:
Vendor patch:
Apache Group
------------
Apache Group has released a security bulletin (CVE-2016-0784 - ZIP file path traversal) and patches for this issue:
Link: http://openmeetings.apache.org/security.html