Skip to main content

Openmeetings CVE-2016-0784

MEDIUM
Path Traversal (CWE-22)
2016-04-11 secalert@redhat.com
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 11, 2016 - 14:59 cve.org
MEDIUM 6.5

DescriptionCVE.org

Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.

AnalysisAI

Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry. Affected products include: Apache Openmeetings. Version information: before 3.1.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2020-13951 HIGH POC
7.5 Sep 30

Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack. Ra

CVE-2016-8736 CRITICAL
9.8 Oct 12

Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack. Rated critical s

CVE-2017-7664 CRITICAL
10.0 Jul 17

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. Rated critical severity (CVSS 10.0), t

CVE-2017-7673 CRITICAL
9.8 Jul 17

Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget pas

CVE-2023-28326 CRITICAL
9.8 Mar 28

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attac

CVE-2017-7666 HIGH
8.8 Jul 17

Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MI

CVE-2017-7681 HIGH
8.8 Jul 17

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely

CVE-2017-7682 HIGH
8.2 Jul 17

Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted

CVE-2023-29032 HIGH
8.1 May 12

An attacker that has gained access to certain private information can use this to act as other user. Rated high severity

CVE-2017-7684 HIGH
7.5 Jul 17

Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. Rated high severity (CVSS 7.5), this vulnerabi

CVE-2017-7680 HIGH
7.5 Jul 17

Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. Rated high severity (CVSS 7.5), this vulnerabil

CVE-2016-2164 HIGH
7.5 Apr 11

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings be

Share

CVE-2016-0784 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy