[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[CVE-2016-2164] Arbitrary file read via SOAP API

To: Openmeetings user-list <user@xxxxxxxxxxxxxxxxxxxxxxx>, dev <dev@xxxxxxxxxxxxxxxxxxxxxxx>, security@xxxxxxxxxxxxxxxxxxxxxxx, security@xxxxxxxxxx, oss-security@xxxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: [CVE-2016-2164] Arbitrary file read via SOAP API
From: Maxim Solodovnik <solomax@xxxxxxxxxx>
Date: Fri, 25 Mar 2016 15:57:27 +0600

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7

Description:
When attempting to upload a file via the API using the
importFileByInternalUserId
or importFile methods in the FileService, it is possible to read arbitrary
files from the system. This is due to that Java's URL class is used without
checking what protocol handler is specified in the API call.

All users are recommended to upgrade to Apache OpenMeetings 3.1.1

Credit: This issue was identified by Andreas Lindh


Apache OpenMeetings Team

Prev by Date: [CVE-2016-0783] Predictable password reset token
Next by Date: [CVE-2016-2163] Stored Cross Site Scripting in Event description
Previous by thread: [CVE-2016-0783] Predictable password reset token
Next by thread: [CVE-2016-2163] Stored Cross Site Scripting in Event description
Index(es):
- Date
- Thread