Google Git
Sign in
apache / openmeetings-site / 4230104ac07df489526b0ee94d7a71b78842ec2a / . / security.html
blob: 71405b8f28066888b2bf07754185d51774d23f40 [file] [log] [blame]
<!doctype html>
<!--
Generated by Apache Maven Doxia at $dateFormat.format( $currentDate ) Rendered using Reflow Maven Skin 2.3.0 (http://devacfr.github.io/reflow-maven-skin)
-->
<html xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<title>Apache OpenMeetings Project &#x2013; Security Vulnerabilities</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="description" content="" />
<meta name="author" content="Apache OpenMeetings Team" />
<meta http-equiv="content-language" content="en" />
<link href="./css/themes/cerulean/bootstrap.min.css" rel="stylesheet" />
<link href="./css/fontawesome/all.min.css" rel="stylesheet" />
<link href="./css/reflow-skin.css" rel="stylesheet" />
<link rel="stylesheet" href="./js/styles/github.min.css" />
<link href="./css/lightbox.css" rel="stylesheet" />
<link href="./css/site.css" rel="stylesheet" />
<link href="./css/print.css" rel="stylesheet" media="print" />
<link rel="stylesheet" href="./css/site.css"/>
</head> <!-- end : head -->
<body class="page-security project-openmeetings-server anchorjs-enabled scrolltop-smooth-enabled m-toc-sidebar-enabled m-toc-sidebar-expanded m-toc-sidebar-autoexpandable toc-sidebar-fixed">
<nav id="m-top-navbar" class="navbar navbar-expand-lg fixed-top navbar-dark bg-primary">
<div class="container"> <a class="navbar-brand mb-0 h1" href="index.html">
<span class="color-highlight">Apache</span> OpenMeetings
</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#top-navbar-collapse-1" aria-controls="top-navbar-collapse-1" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="top-navbar-collapse-1">
<ul class="nav navbar-nav ml-auto">
<li class="nav-item " ><a href="demo.html" title="Demo" class="nav-link" >Demo</a></li>
<li class="nav-item " ><a href="downloads.html" title="Download" class="nav-link" >Download</a></li>
<li class="nav-item " ><a href="https://cwiki.apache.org/confluence/display/OPENMEETINGS" title="Wiki" class="externalLink nav-link" >Wiki</a></li>
<li class="nav-item dropdown active">
<a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">General <b class="caret"></b></a>
<div class="dropdown-menu">
<a href="index.html" title="Home" class="dropdown-item ">Home</a>
<a href="https://www.apache.org/licenses/" title="License" class="dropdown-item ">License</a>
<a href="https://www.apache.org/" title="ASF" class="dropdown-item ">ASF</a>
<a href="https://www.apache.org/foundation/sponsorship" title="Sponsorship" class="dropdown-item ">Sponsorship</a>
<a href="https://www.apache.org/foundation/thanks" title="Thanks" class="dropdown-item ">Thanks</a>
<a href="CallForLogo.html" title="Call For Logo" class="dropdown-item ">Call For Logo</a>
<a href="NewsArchive.html" title="News archive" class="dropdown-item ">News archive</a>
<a href="" title="Security" class="dropdown-item active">Security</a>
<a href="commercial-support.html" title="Commercial Support" class="dropdown-item ">Commercial Support</a>
</div>
</li>
<li class="nav-item dropdown">
<a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Installation <b class="caret"></b></a>
<div class="dropdown-menu">
<a href="installation.html" title="Installation" class="dropdown-item ">Installation</a>
<a href="Upgrade.html" title="Upgrade" class="dropdown-item ">Upgrade</a>
<a href="InstallMediaServer.html" title="Media Server Installation" class="dropdown-item ">Media Server Installation</a>
<a href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools" title="Tutorials" class="dropdown-item ">Tutorials</a>
<a href="CommandLineAdmin.html" title="Command Line Admin" class="dropdown-item ">Command Line Admin</a>
</div>
</li>
<li class="nav-item dropdown">
<a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Community <b class="caret"></b></a>
<div class="dropdown-menu">
<a href="get-involved.html" title="Get Involved" class="dropdown-item ">Get Involved</a>
<a href="team.html" title="Committers" class="dropdown-item ">Committers</a>
<a href="OurUsers.html" title="Our Users" class="dropdown-item ">Our Users</a>
<a href="mailing-lists.html" title="Mailing Lists" class="dropdown-item ">Mailing Lists</a>
<a href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/" title="Wiki" class="dropdown-item ">Wiki</a>
</div>
</li>
<li class="nav-item dropdown">
<a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Configuration <b class="caret"></b></a>
<div class="dropdown-menu">
<div class="dropdown-submenu">
<a href="security.html#integration" title="Integration" class="dropdown-item" >Integration</a> <div class="dropdown-menu">
<a href="swagger" title="REST API Swagger" target="_blank" class="dropdown-item ">REST API Swagger</a>
<a href="openmeetings-webservice/apidocs/index.html" title="SOAP/REST API JavaDoc" target="_blank" class="dropdown-item ">SOAP/REST API JavaDoc</a>
<a href="RestAPISample.html" title="REST API Sample" class="dropdown-item ">REST API Sample</a>
<a href="LdapAndADS.html" title="Ldap and ADS" class="dropdown-item ">Ldap and ADS</a>
<a href="oauth2.html" title="OAuth2" class="dropdown-item ">OAuth2</a>
<a href="AsteriskIntegration.html" title="VoIP and SIP" class="dropdown-item ">VoIP and SIP</a>
<a href="errorvalues.html" title="Errors table" class="dropdown-item ">Errors table</a>
<a href="CalDAVandGCal.html" title="CalDAV and Google Calendar integration" class="dropdown-item ">CalDAV and Google Calendar integration</a>
<a href="ExternalVideo.html" title="External Video/Camera" class="dropdown-item ">External Video/Camera</a>
</div>
</div>
<div class="dropdown-submenu">
<a href="security.html#plugins" title="Plugins" class="dropdown-item" >Plugins</a> <div class="dropdown-menu">
<a href="MoodlePlugin.html" title="Moodle Plugin" class="dropdown-item ">Moodle Plugin</a>
<a href="SakaiPlugin.html" title="Sakai Plugin" class="dropdown-item ">Sakai Plugin</a>
<a href="JiraPlugin.html" title="Jira Plugin" class="dropdown-item ">Jira Plugin</a>
<a href="JoomlaPlugin.html" title="Joomla Plugin" class="dropdown-item ">Joomla Plugin</a>
<a href="DrupalPlugin.html" title="Drupal Plugin" class="dropdown-item ">Drupal Plugin</a>
<a href="BitrixPlugin.html" title="Bitrix Plugin" class="dropdown-item ">Bitrix Plugin</a>
<a href="ConfluencePlugin.html" title="Confluence Plugin" class="dropdown-item ">Confluence Plugin</a>
<a href="SugarCRMPlugin.html" title="SugarCRM Plugin" class="dropdown-item ">SugarCRM Plugin</a>
<a href="RedminePlugin.html" title="Redmine Plugin" class="dropdown-item ">Redmine Plugin</a>
</div>
</div>
<div class="dropdown-submenu">
<a href="security.html#db" title="DB Sample Configurations" class="dropdown-item" >DB Sample Configurations</a> <div class="dropdown-menu">
<a href="H2Config.html" title="H2" class="dropdown-item ">H2</a>
<a href="IBMDB2Config.html" title="IBM DB2" class="dropdown-item ">IBM DB2</a>
<a href="OracleConfig.html" title="Oracle" class="dropdown-item ">Oracle</a>
<a href="MySQLConfig.html" title="MySQL" class="dropdown-item ">MySQL</a>
<a href="PostgresConfig.html" title="Postgres" class="dropdown-item ">Postgres</a>
<a href="MSSQLConfig.html" title="MSSQL" class="dropdown-item ">MSSQL</a>
</div>
</div>
<div class="dropdown-submenu">
<a href="security.html#localization" title="Localization and languages" class="dropdown-item" >Localization and languages</a> <div class="dropdown-menu">
<a href="Internationalisation.html" title="Internationalisation" class="dropdown-item ">Internationalisation</a>
<a href="LanguageEditor.html" title="LanguageEditor" class="dropdown-item ">LanguageEditor</a>
<a href="TimeZoneHandling.html" title="TimeZoneHandling" class="dropdown-item ">TimeZoneHandling</a>
<a href="EditTemplates.html" title="EditTemplates" class="dropdown-item ">EditTemplates</a>
</div>
</div>
<div class="dropdown-submenu">
<a href="security.html#port" title="NAT Port Settings" class="dropdown-item" >NAT Port Settings</a> <div class="dropdown-menu">
<a href="PortSettings.html" title="Port settings" class="dropdown-item ">Port settings</a>
</div>
</div>
<div class="dropdown-submenu">
<a href="security.html#performance" title="Performance" class="dropdown-item" >Performance</a> <div class="dropdown-menu">
<a href="JVMPerformanceTuning.html" title="JVM performance tuning" class="dropdown-item ">JVM performance tuning</a>
<a href="NetworkCalculator.html" title="Network bandwidth calculator" class="dropdown-item ">Network bandwidth calculator</a>
</div>
</div>
<div class="dropdown-submenu">
<a href="security.html#interface" title="User Interface" class="dropdown-item" >User Interface</a> <div class="dropdown-menu">
<a href="LogoAndIcons.html" title="Logo and icons" class="dropdown-item ">Logo and icons</a>
<a href="themes-and-branding.html" title="Themes" class="dropdown-item ">Themes</a>
<a href="Dashboard.html" title="Dashboard" class="dropdown-item ">Dashboard</a>
<a href="WebcamResolutions.html" title="Webcam resolutions" class="dropdown-item ">Webcam resolutions</a>
<a href="ConferenceRoomLayoutOptions.html" title="Room layout options" class="dropdown-item ">Room layout options</a>
<a href="HotKeys.html" title="Hot Keys" class="dropdown-item ">Hot Keys</a>
</div>
</div>
<div class="dropdown-submenu">
<a href="security.html#customize" title="Customization" class="dropdown-item" >Customization</a> <div class="dropdown-menu">
<a href="WebappNamePath.html" title="Webapp name/path" class="dropdown-item ">Webapp name/path</a>
<a href="CalendarAndTimezone.html" title="Calendar and timezone" class="dropdown-item ">Calendar and timezone</a>
<a href="CustomRoomTypeHowTo.html" title="Custom room type" class="dropdown-item ">Custom room type</a>
<a href="CustomCryptMechanism.html" title="Custom crypt mechanism" class="dropdown-item ">Custom crypt mechanism</a>
<a href="GeneralConfiguration.html" title="General Configuration" class="dropdown-item ">General Configuration</a>
<a href="PrivacyStatement.html" title="Privacy Statement" class="dropdown-item ">Privacy Statement</a>
</div>
</div>
<div class="dropdown-submenu">
<a href="security.html#security" title="Security" class="dropdown-item" >Security</a> <div class="dropdown-menu">
<a href="RestrictedAccess.html" title="Restricted Access" class="dropdown-item ">Restricted Access</a>
<a href="HTTPS.html" title="HTTPS" class="dropdown-item ">HTTPS</a>
</div>
</div>
<div class="dropdown-submenu">
<a href="security.html#convert" title="Converters" class="dropdown-item" >Converters</a> <div class="dropdown-menu">
<a href="OpenOfficeConverter.html" title="OpenOffice Converter" class="dropdown-item ">OpenOffice Converter</a>
</div>
</div>
<div class="dropdown-submenu">
<a href="security.html#cluster" title="Clustering" class="dropdown-item" >Clustering</a> <div class="dropdown-menu">
<a href="Clustering.html" title="Clustering" class="dropdown-item ">Clustering</a>
</div>
</div>
<div class="dropdown-submenu">
<a href="security.html#misc" title="Misc" class="dropdown-item" >Misc</a> <div class="dropdown-menu">
<a href="GetVersionInfo.html" title="Get version info" class="dropdown-item ">Get version info</a>
</div>
</div>
</div>
</li>
<li class="nav-item dropdown">
<a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Development <b class="caret"></b></a>
<div class="dropdown-menu">
<a href="scm.html" title="Source Code" class="dropdown-item ">Source Code</a>
<a href="issue-management.html" title="Bugs / Issues" class="dropdown-item ">Bugs / Issues</a>
<a href="dependencies.html" title="Dependencies" class="dropdown-item ">Dependencies</a>
<a href="ci-management.html" title="Continuous Integration" class="dropdown-item ">Continuous Integration</a>
<a href="BuildInstructions.html" title="Build Instructions" class="dropdown-item ">Build Instructions</a>
<a href="JUnitTesting.html" title="JUnit Testing" class="dropdown-item ">JUnit Testing</a>
<a href="ManualTesting.html" title="Manual Testing" class="dropdown-item ">Manual Testing</a>
<a href="ReleaseGuide.html" title="Release Guide" class="dropdown-item ">Release Guide</a>
<a href="WebsiteGuide.html" title="Website Guide" class="dropdown-item ">Website Guide</a>
</div>
</li>
</ul><!--/ul.navbar-nav -->
</div><!--/.nav-collapse -->
</div> <!--/.container --> </nav> <!--/.navbar -->
<div class="main-body">
<div class="header text-light bg-secondary" role="main">
<div class="container container-fluid">
<div id="banner" class="header--banner">
<div class="row m-1">
<div class="col-md-12">
<div class="float-left header--banner--left bannerLeft">
<a href="index.html">
<img class="float-left m-2 img-fluid" src="images/logo.png" alt="Apache OpenMeetings" />
</a>
</div>
<div class="float-right header--banner--right bannerRight">
<a href="https://apache.org">
<img class="float-left m-2 img-fluid" src="https://apache.org/img/asf_logo.png" alt="Apache" />
</a>
</div>
</div>
</div>
</div>
</div>
</div> <!-- end : header -->
<div class="row mt-5">
<div class="d-xs-none d-sm-none d-md-none d-lg-block col-lg-2">
</div>
<main class="col-xs-12 col-sm-12 col-md-12 col-lg-12 col-xl-8" role="main">
<nav aria-label="breadcrumb">
<ol class="breadcrumb">
<li class="publishDate version-date">$dateFormat.applyPattern( $format ) $i18n.getString( "site-renderer", $locale, "template.lastpublished" ): $dateValue</li>
</ol>
</nav>
<section>
<div class="page-header">
<h2 id="security-vulnerabilities">Security Vulnerabilities</h2>
</div>
<p>Please note that binary patches are not produced for individual vulnerabilities. To obtain the binary fix for a particular vulnerability you should upgrade to an Apache OpenMeetings version where that vulnerability has been fixed.<br> <br> For more information about reporting vulnerabilities, see the <a class="externalLink" href="https://www.apache.org/security/">Apache Security Team</a> page.<br> <br> <a class="externalLink" href="https://www.apache.org/security/committers.html#vulnerability-handling">Vulnerability handling guide</a> </p>
<p> REFERENCES -&gt; permalink to the announce email in archives<br> Going forward, please include the <b>product and version information</b> in the <b>description</b> itself as well as in the "[PRODUCT]" and "[VERSION]" lines in your submissions. While this may seem redundant, including the information in both places satisfies different use cases and supports automation. </p>
</section>
<section>
<h2 id="reporting-new-security-problems">Reporting New Security Problems</h2>
<p> Please report any security errors to security@openmeetings.apache.org<br> <br> Please NOTE: only security issues should be reported to this list. </p>
</section>
<section>
<h2 id="cve-2021-27576---apache-openmeetings-bandwidth-can">CVE-2021-27576 - Apache OpenMeetings: bandwidth can be overloaded with public web service</h2>
<p>Severity: Low</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: 4.0.0 - 5.1.0</p>
<p>Description: NetTest web service can be used to overload the bandwidth of the server<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27576">CVE-2021-27576</a> </p>
<p>The issue was fixed in 6.0.0<br> All users are recommended to upgrade to Apache OpenMeetings 6.0.0</p>
<p>Credit: This issue was identified by Trung Le, Chi Tran, Linh Cua</p>
</section>
<section>
<h2 id="cve-2020-13951---apache-openmeetings-dos-via-publi">CVE-2020-13951 - Apache Openmeetings: DoS via public web service</h2>
<p>Severity: High</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: 4.0.0 - 5.0.0</p>
<p>Description: NetTest web service can be used to perform Denial of Service attack<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13951">CVE-2020-13951</a> </p>
<p>The issue was fixed in 5.0.1<br> All users are recommended to upgrade to Apache OpenMeetings 5.0.1</p>
<p>Credit: This issue was identified by Trung Le, Chi Tran, Ngo Van Thien</p>
</section>
<section>
<h2 id="cve-2018-1325---wicket-jquery-ui-xss-while-display">CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG editor</h2>
<p>Severity: High</p>
<p>Vendor: wicket-jquery-ui</p>
<p>Versions Affected: &lt;= 6.29.0, &lt;= 7.10.1, &lt;= 8.0.0-M9.1</p>
<p>Description: JS code created in WYSIWYG editor will be executed on display<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1325">CVE-2018-1325</a> </p>
<p>The issue was fixed in 6.29.1, 7.10.2, 8.0.0-M9.2<br> All users are recommended to upgrade to Apache OpenMeetings 4.0.3</p>
<p>Credit: This issue was identified by Kamil Sevi</p>
</section>
<section>
<h2 id="cve-2017-15719---wicket-jquery-ui-xss-in-wysiwyg-e">CVE-2017-15719 - Wicket jQuery UI: XSS in WYSIWYG editor</h2>
<p>Severity: High</p>
<p>Vendor: wicket-jquery-ui</p>
<p>Versions Affected: &lt;= 6.28.0, &lt;= 7.9.1, &lt;= 8.0.0-M8</p>
<p>Description: Attacker can submit arbitrary JS code to WYSIWYG editor<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15719">CVE-2017-15719</a> </p>
<p>The issue was fixed in 6.28.1, 7.9.2, 8.0.0-M8.1<br> All users are recommended to upgrade to Apache OpenMeetings 4.0.2</p>
<p>Credit: This issue was identified by Sahil Dhar of Security Innovation Inc</p>
</section>
<section>
<h2 id="cve-2018-1286---apache-openmeetings---insufficient">CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls</h2>
<p>Severity: Medium</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 3.0.0 - 4.0.1</p>
<p>Description: CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1286">CVE-2018-1286</a> </p>
<p>The issue was fixed in 4.0.2<br> All users are recommended to upgrade to Apache OpenMeetings 4.0.2</p>
<p>Credit: This issue was identified by Sahil Dhar of Security Innovation Inc</p>
</section>
<section>
<h2 id="cve-2017-7663---apache-openmeetings---xss-in-chat">CVE-2017-7663 - Apache OpenMeetings - XSS in chat</h2>
<p>Severity: High</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 3.2.0</p>
<p>Description: Both global and Room chat are vulnerable to XSS attack<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7663">CVE-2017-7663</a> </p>
<p>The issue was fixed in 3.3.0<br> All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
<p>Credit: This issue was identified by Security Innovation</p>
</section>
<section>
<h2 id="cve-2017-7664---apache-openmeetings---missing-xml-">CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation</h2>
<p>Severity: High</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 3.1.0</p>
<p>Description: Uploaded XML documents were not correctly validated<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7664">CVE-2017-7664</a> </p>
<p>The issue was fixed in 3.3.0<br> All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
<p>Credit: This issue was identified by Security Innovation</p>
</section>
<section>
<h2 id="cve-2017-7666---apache-openmeetings-missing-secure">CVE-2017-7666 - Apache OpenMeetings Missing Secure Headers</h2>
<p>Severity: High</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 1.0.0</p>
<p>Description: Apache Openmeetings is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7666">CVE-2017-7666</a> </p>
<p>The issue was fixed in 3.3.0<br> All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
<p>Credit: This issue was identified by Security Innovation</p>
</section>
<section>
<h2 id="cve-2017-7673---apache-openmeetings-insufficient-c">CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords</h2>
<p>Severity: High</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 1.0.0</p>
<p>Description: Apache OpenMeetings uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7673">CVE-2017-7673</a> </p>
<p>The issue was fixed in 3.3.0<br> All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
<p>Credit: This issue was identified by Security Innovation</p>
</section>
<section>
<h2 id="cve-2017-7680---apache-openmeetings---insecure-cro">CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy</h2>
<p>Severity: Low</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 1.0.0</p>
<p>Description: Apache OpenMeetings has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains.<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7680">CVE-2017-7680</a> </p>
<p>The issue was fixed in 3.3.0<br> All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
<p>Credit: This issue was identified by Security Innovation</p>
</section>
<section>
<h2 id="cve-2017-7681---apache-openmeetings---sql-injectio">CVE-2017-7681 - Apache OpenMeetings - SQL injection in web services</h2>
<p>Severity: High</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 1.0.0</p>
<p>Description: Apache OpenMeetings is vulnerable to SQL injection This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7681">CVE-2017-7681</a> </p>
<p>The issue was fixed in 3.3.0<br> All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
<p>Credit: This issue was identified by Security Innovation</p>
</section>
<section>
<h2 id="cve-2017-7682---apache-openmeetings---business-log">CVE-2017-7682 - Apache OpenMeetings - Business Logic Bypass</h2>
<p>Severity: Medium</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 3.2.0</p>
<p>Description: Apache OpenMeetings is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas.<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7682">CVE-2017-7682</a> </p>
<p>The issue was fixed in 3.3.0<br> All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
<p>Credit: This issue was identified by Security Innovation</p>
</section>
<section>
<h2 id="cve-2017-7683---apache-openmeetings---information-">CVE-2017-7683 - Apache OpenMeetings - Information Disclosure</h2>
<p>Severity: Lowest</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 1.0.0</p>
<p>Description: Apache OpenMeetings displays Tomcat version and detailed error stack trace which is not secure.<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7683">CVE-2017-7683</a> </p>
<p>The issue was fixed in 3.3.0<br> All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
<p>Credit: This issue was identified by Security Innovation</p>
</section>
<section>
<h2 id="cve-2017-7684---apache-openmeetings---insecure-fil">CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload</h2>
<p>Severity: Low</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 1.0.0</p>
<p>Description: Apache OpenMeetings doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7684">CVE-2017-7684</a> </p>
<p>The issue was fixed in 3.3.0<br> All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
<p>Credit: This issue was identified by Security Innovation</p>
</section>
<section>
<h2 id="cve-2017-7685---apache-openmeetings---insecure-htt">CVE-2017-7685 - Apache OpenMeetings - Insecure HTTP Methods</h2>
<p>Severity: Lowest</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 1.0.0</p>
<p>Description: Apache OpenMeetingsrespond to the following insecure HTTP Methods: PUT, DELETE, HEAD, and PATCH.<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7685">CVE-2017-7685</a> </p>
<p>The issue was fixed in 3.3.0<br> All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
<p>Credit: This issue was identified by Security Innovation</p>
</section>
<section>
<h2 id="cve-2017-7688---apache-openmeetings---insecure-pas">CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update</h2>
<p>Severity: Low</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 1.0.0</p>
<p>Description: Apache OpenMeetings updates user password in insecure manner.<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7688">CVE-2017-7688</a> </p>
<p>The issue was fixed in 3.3.0<br> All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
<p>Credit: This issue was identified by Security Innovation</p>
</section>
<section>
<h2 id="cve-2017-5878---red5amf-unmarshalling-rce">CVE-2017-5878 - RED5/AMF Unmarshalling RCE</h2>
<p>Severity: Critical</p>
<p>Vendor: Red5</p>
<p>Versions Affected: Apache OpenMeetings 3.1.3 and earlier</p>
<p>Description: The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5878">CVE-2017-5878</a> </p>
<p>The issue was fixed in 3.1.4<br> All users are recommended to upgrade to Apache OpenMeetings 3.1.4</p>
<p>Credit: This issue was identified by Moritz Bechler</p>
</section>
<section>
<h2 id="cve-2016-8736---apache-openmeetings-rmi-registry-j">CVE-2016-8736 - Apache Openmeetings RMI Registry Java Deserialization RCE</h2>
<p>Severity: Moderate</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 3.1.0</p>
<p>Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8736">CVE-2016-8736</a> </p>
<p>The issue was fixed in 3.1.2<br> All users are recommended to upgrade to Apache OpenMeetings 3.1.3</p>
<p>Credit: This issue was identified by Jacob Baines, Tenable Network Security</p>
</section>
<section>
<h2 id="cve-2016-3089---apache-openmeetings-xss-in-swf-pan">CVE-2016-3089 - Apache OpenMeetings XSS in SWF panel</h2>
<p>Severity: Moderate</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 3.1.0</p>
<p>Description: The value of the URL's "swf" query parameter is interpolated into the JavaScript tag without being escaped, leading to the reflected XSS.<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3089">CVE-2016-3089</a> </p>
<p>All users are recommended to upgrade to Apache OpenMeetings 3.1.2</p>
<p>Credit: This issue was identified by Matthew Daley</p>
</section>
<section>
<h2 id="cve-2016-0783---predictable-password-reset-token">CVE-2016-0783 - Predictable password reset token</h2>
<p>Severity: Critical</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0</p>
<p>Description: The hash generated by the external password reset function is generated by concatenating the user name and the current system time, and then hashing it using MD5. This is highly predictable and can be cracked in seconds by an attacker with knowledge of the user name of an OpenMeetings user.<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0783">CVE-2016-0783</a> </p>
<p>All users are recommended to upgrade to Apache OpenMeetings 3.1.1</p>
<p>Credit: This issue was identified by Andreas Lindh</p>
</section>
<section>
<h2 id="cve-2016-0784---zip-file-path-traversal">CVE-2016-0784 - ZIP file path traversal</h2>
<p>Severity: Moderate</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0</p>
<p>Description: The Import/Export System Backups functionality in the OpenMeetings Administration menu (http://domain:5080/openmeetings/#admin/backup) is vulnerable to path traversal via specially crafted file names within ZIP archives. By uploading an archive containing a file named ../../../public/hello.txt will write the file “hello.txt” to the http://domain:5080/openmeetings/public/ directory. This could be used to, for example, overwrite the /usr/bin/convert file (or any other 3 rd party integrated executable) with a shell script, which would be executed the next time an image file is uploaded and imagemagick is invoked.<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0784">CVE-2016-0784</a> </p>
<p>All users are recommended to upgrade to Apache OpenMeetings 3.1.1</p>
<p>Credit: This issue was identified by Andreas Lindh</p>
</section>
<section>
<h2 id="cve-2016-2163---stored-cross-site-scripting-in-eve">CVE-2016-2163 - Stored Cross Site Scripting in Event description</h2>
<p>Severity: Moderate</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7</p>
<p>Description: When creating an event, it is possible to create clickable URL links in the event description. These links will be present inside the event details once a participant enters the room via the event. It is possible to create a link like "javascript:alert('xss')", which will execute once the link is clicked. As the link is placed within an &lt;a&gt; tag, the actual link is not visible to the end user which makes it hard to tell if the link is legit or not.<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2163">CVE-2016-2163</a> </p>
<p>All users are recommended to upgrade to Apache OpenMeetings 3.1.1</p>
<p>Credit: This issue was identified by Andreas Lindh</p>
</section>
<section>
<h2 id="cve-2016-2164---arbitrary-file-read-via-soap-api">CVE-2016-2164 - Arbitrary file read via SOAP API</h2>
<p>Severity: Critical</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7</p>
<p>Description: When attempting to upload a file via the API using the importFileByInternalUserId or importFile methods in the FileService, it is possible to read arbitrary files from the system. This is due to that Java's URL class is used without checking what protocol handler is specified in the API call.<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2164">CVE-2016-2164</a> </p>
<p>All users are recommended to upgrade to Apache OpenMeetings 3.1.1</p>
<p>Credit: This issue was identified by Andreas Lindh</p>
</section> </main>
<div class="d-none d-sm-none d-md-none d-lg-none d-xl-block col-xl-2">
<div id="m-toc-sidebar" class="d-print-none m-toc-sidebar-enabled m-toc-sidebar-expanded m-toc-sidebar-autoexpandable toc-sidebar-fixed">
<nav id="m-toc-sidebar-nav flex-column">
<ul class="m-nav--sidebar nav flex-column flex-nowrap">
<li class="h2">
<a class="nav-link" href="#security-vulnerabilities" title="Security Vulnerabilities">Security Vulnerabilities</a>
</li>
<li class="h2">
<a class="nav-link" href="#reporting-new-security-problems" title="Reporting New Security Problems">Reporting New Security Problems</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2021-27576---apache-openmeetings-bandwidth-can" title="CVE-2021-27576 - Apache OpenMeetings: bandwidth can be overloaded with public web service">CVE-2021-27576 - Apache OpenMeetings: bandwidth can be overloaded with public web service</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2020-13951---apache-openmeetings-dos-via-publi" title="CVE-2020-13951 - Apache Openmeetings: DoS via public web service">CVE-2020-13951 - Apache Openmeetings: DoS via public web service</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2018-1325---wicket-jquery-ui-xss-while-display" title="CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG editor">CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG editor</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2017-15719---wicket-jquery-ui-xss-in-wysiwyg-e" title="CVE-2017-15719 - Wicket jQuery UI: XSS in WYSIWYG editor">CVE-2017-15719 - Wicket jQuery UI: XSS in WYSIWYG editor</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2018-1286---apache-openmeetings---insufficient" title="CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls">CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2017-7663---apache-openmeetings---xss-in-chat" title="CVE-2017-7663 - Apache OpenMeetings - XSS in chat">CVE-2017-7663 - Apache OpenMeetings - XSS in chat</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2017-7664---apache-openmeetings---missing-xml-" title="CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation">CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2017-7666---apache-openmeetings-missing-secure" title="CVE-2017-7666 - Apache OpenMeetings Missing Secure Headers">CVE-2017-7666 - Apache OpenMeetings Missing Secure Headers</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2017-7673---apache-openmeetings-insufficient-c" title="CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords">CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2017-7680---apache-openmeetings---insecure-cro" title="CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy">CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2017-7681---apache-openmeetings---sql-injectio" title="CVE-2017-7681 - Apache OpenMeetings - SQL injection in web services">CVE-2017-7681 - Apache OpenMeetings - SQL injection in web services</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2017-7682---apache-openmeetings---business-log" title="CVE-2017-7682 - Apache OpenMeetings - Business Logic Bypass">CVE-2017-7682 - Apache OpenMeetings - Business Logic Bypass</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2017-7683---apache-openmeetings---information-" title="CVE-2017-7683 - Apache OpenMeetings - Information Disclosure">CVE-2017-7683 - Apache OpenMeetings - Information Disclosure</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2017-7684---apache-openmeetings---insecure-fil" title="CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload">CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2017-7685---apache-openmeetings---insecure-htt" title="CVE-2017-7685 - Apache OpenMeetings - Insecure HTTP Methods">CVE-2017-7685 - Apache OpenMeetings - Insecure HTTP Methods</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2017-7688---apache-openmeetings---insecure-pas" title="CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update">CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2017-5878---red5amf-unmarshalling-rce" title="CVE-2017-5878 - RED5/AMF Unmarshalling RCE">CVE-2017-5878 - RED5/AMF Unmarshalling RCE</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2016-8736---apache-openmeetings-rmi-registry-j" title="CVE-2016-8736 - Apache Openmeetings RMI Registry Java Deserialization RCE">CVE-2016-8736 - Apache Openmeetings RMI Registry Java Deserialization RCE</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2016-3089---apache-openmeetings-xss-in-swf-pan" title="CVE-2016-3089 - Apache OpenMeetings XSS in SWF panel">CVE-2016-3089 - Apache OpenMeetings XSS in SWF panel</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2016-0783---predictable-password-reset-token" title="CVE-2016-0783 - Predictable password reset token">CVE-2016-0783 - Predictable password reset token</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2016-0784---zip-file-path-traversal" title="CVE-2016-0784 - ZIP file path traversal">CVE-2016-0784 - ZIP file path traversal</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2016-2163---stored-cross-site-scripting-in-eve" title="CVE-2016-2163 - Stored Cross Site Scripting in Event description">CVE-2016-2163 - Stored Cross Site Scripting in Event description</a>
</li>
<li class="h2">
<a class="nav-link" href="#cve-2016-2164---arbitrary-file-read-via-soap-api" title="CVE-2016-2164 - Arbitrary file read via SOAP API">CVE-2016-2164 - Arbitrary file read via SOAP API</a>
</li>
</ul>
</nav>
</div>
</div>
</div> <!-- row: end -->
</div> <!-- .main-body: end -->
<div id="m_scrolltop" class="m-scrolltop">
<i class="fa fa-arrow-up"></i>
</div>
<!-- Footer -->
<footer class="footer-light bg-light">
<div class="container">
<div class="row">
<div class="col bottom-nav">
<ul class="nav flex-column nav-list">
<li class="nav-header">
General
</li>
<li class="nav-item "><a href="index.html" title="Home" class="nav-link" >Home</a></li>
<li class="nav-item "><a href="https://www.apache.org/licenses/" title="License" class="externalLink nav-link" >License</a></li>
<li class="nav-item "><a href="https://www.apache.org/" title="ASF" class="externalLink nav-link" >ASF</a></li>
<li class="nav-item "><a href="https://www.apache.org/foundation/sponsorship" title="Sponsorship" class="externalLink nav-link" >Sponsorship</a></li>
<li class="nav-item "><a href="https://www.apache.org/foundation/thanks" title="Thanks" class="externalLink nav-link" >Thanks</a></li>
<li class="nav-item "><a href="CallForLogo.html" title="Call For Logo" class="nav-link" >Call For Logo</a></li>
<li class="nav-item "><a href="NewsArchive.html" title="News archive" class="nav-link" >News archive</a></li>
<li class="nav-item active"><a href="" title="Security" class="nav-link" >Security</a></li>
<li class="nav-item "><a href="commercial-support.html" title="Commercial Support" class="nav-link" >Commercial Support</a></li>
</ul>
</div>
<div class="col bottom-nav">
<ul class="nav flex-column nav-list">
<li class="nav-header">
Installation
</li>
<li class="nav-item "><a href="installation.html" title="Installation" class="nav-link" >Installation</a></li>
<li class="nav-item "><a href="Upgrade.html" title="Upgrade" class="nav-link" >Upgrade</a></li>
<li class="nav-item "><a href="InstallMediaServer.html" title="Media Server Installation" class="nav-link" >Media Server Installation</a></li>
<li class="nav-item "><a href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools" title="Tutorials" class="externalLink nav-link" >Tutorials</a></li>
<li class="nav-item "><a href="CommandLineAdmin.html" title="Command Line Admin" class="nav-link" >Command Line Admin</a></li>
</ul>
</div>
<div class="col bottom-nav">
<ul class="nav flex-column nav-list">
<li class="nav-header">
Community
</li>
<li class="nav-item "><a href="get-involved.html" title="Get Involved" class="nav-link" >Get Involved</a></li>
<li class="nav-item "><a href="team.html" title="Committers" class="nav-link" >Committers</a></li>
<li class="nav-item "><a href="OurUsers.html" title="Our Users" class="nav-link" >Our Users</a></li>
<li class="nav-item "><a href="mailing-lists.html" title="Mailing Lists" class="nav-link" >Mailing Lists</a></li>
<li class="nav-item "><a href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/" title="Wiki" class="externalLink nav-link" >Wiki</a></li>
</ul>
</div>
<div class="col bottom-nav">
<ul class="nav flex-column nav-list">
<li class="nav-header">
Development
</li>
<li class="nav-item "><a href="scm.html" title="Source Code" class="nav-link" >Source Code</a></li>
<li class="nav-item "><a href="issue-management.html" title="Bugs / Issues" class="nav-link" >Bugs / Issues</a></li>
<li class="nav-item "><a href="dependencies.html" title="Dependencies" class="nav-link" >Dependencies</a></li>
<li class="nav-item "><a href="ci-management.html" title="Continuous Integration" class="nav-link" >Continuous Integration</a></li>
<li class="nav-item "><a href="BuildInstructions.html" title="Build Instructions" class="nav-link" >Build Instructions</a></li>
<li class="nav-item "><a href="JUnitTesting.html" title="JUnit Testing" class="nav-link" >JUnit Testing</a></li>
<li class="nav-item "><a href="ManualTesting.html" title="Manual Testing" class="nav-link" >Manual Testing</a></li>
<li class="nav-item "><a href="ReleaseGuide.html" title="Release Guide" class="nav-link" >Release Guide</a></li>
<li class="nav-item "><a href="WebsiteGuide.html" title="Website Guide" class="nav-link" >Website Guide</a></li>
</ul>
</div>
</div> <!-- END: .row -->
</div> <!-- END: .container -->
</footer>
<div class="container subfooter text-center">
<div class="row">
<div class="col-md-12">
<p class="copyright">Copyright &copy;2012-${currentYear}
<a href="https://apache.org">Apache Software Foundation</a>
. All Rights Reserved.</p>
</div>
</div>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="./js/jquery.min.js" crossorigin="anonymous"></script>
<script src="./js/popper.min.js" crossorigin="anonymous"></script>
<script src="./js/bootstrap.min.js" crossorigin="anonymous"></script>
<script src="./js/lightbox.min.js" crossorigin="anonymous"></script>
<script src="./js/highlight.min.js" crossorigin="anonymous"></script>
<script src="https://www.apachecon.com/event-images/snippet.js"></script>
<script src="./js/site.js" type="text/javascript"></script>
<script src="./js/jquery-ui.min.js" type="text/javascript"></script>
<script src="./js/netcalc.js" type="text/javascript"></script>
<div class="text-center">Apache OpenMeetings, OpenMeetings, Apache, the Apache feather, and the Apache OpenMeetings project logo</div>
<div class="text-center">are trademarks of the Apache Software Foundation.</div>
<div class="text-center">
<a href="https://privacy.apache.org/policies/privacy-policy-public.html">Privacy policy</a>
</div> <script src="./js/reflow-skin.js" crossorigin="anonymous"></script>
<script src="./js/anchor.min.js" crossorigin="anonymous"></script>
</body>
</html>