Apache OpenMeetings ZIP file path traversal vulnerability (CVE-2016-0784)

Apache OpenMeetings ZIP file path traversal vulnerability (CVE-2016-0784)
Apache OpenMeetings ZIP file path traversal vulnerability (CVE-2016-0784)

Release date:
Updated on:

Affected Systems:

Apache Group OpenMeetings 1.9.x - 3.1.0

Unaffected system:

Apache Group OpenMeetings 3.1.1

Description:

CVE (CAN) ID: CVE-2016-0784

Apache OpenMeetings is a solution for audio and video conferencing.

Apache OpenMeetings 1.9.x-3.1.0, the Import/Export System Backups function has the path traversal vulnerability. Upload a ZIP package containing a special file name, which can overwrite files in some directories, then execute the shell script.

<* Source: Andreas Lindh
　

Link: http://openmeetings.apache.org/security.html
*>

Suggestion:

Vendor patch:

Apache Group
------------
Apache Group has released a Security Bulletin (CVE-2016-0784-ZIP file path traversal) and patches for this:
CVE-2016-0784-ZIP file path traversal: CVE-2016-0784-ZIP file path traversal
Link: http://openmeetings.apache.org/security.html

Install OpenMeetings on a Linux/Unix system. Free video conference graphic tutorial

OpenMeetings Installation

OpenMeetings installation for Open-Source Video Conferencing Systems in Linux

Tutorial on building an OpenMeetings1.9 Video Conferencing System in Windows

For details about OpenMeetings, click here
OpenMeetings: click here

This article permanently updates the link address: