<!DOCTYPE html>
<html xml:lang="en" lang="en">
<meta charset="UTF-8" />
<title>Apache OpenMeetings Project -
Security Vulnerabilities</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="description" content="" />
<meta name="author" content="Apache OpenMeetings Team" />
<meta http-equiv="content-language" content="en" />
<link href=".//css/bootstrap.min.css" rel="stylesheet" />
<link href=".//css/bootstrap-responsive.min.css" rel="stylesheet" />
<link href=".//css/docs.css" rel="stylesheet" />
<link href=".//css/reflow-skin.css" rel="stylesheet" />
<link href=".//css/lightbox.css" rel="stylesheet" />
<link href=".//css/site.css" rel="stylesheet" />
<link href=".//css/print.css" rel="stylesheet" media="print" />
<!-- Le HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src=".//js/html5.js"></script>
<body class="page-security project-openmeetings-server" data-spy="scroll" data-offset="60" data-target="#toc-scroll-target">
<div class="main-body">
<div class="row">
<div class="span8">
<div class="body-content">
<!-- Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License. -->
<div class="section">
<div class="page-header">
<h2 id="Security_Vulnerabilities">Security Vulnerabilities</h2>
<p>Please note that binary patches are not produced for individual vulnerabilities. To obtain the fix for a particular vulnerability you must upgrade to an Apache OpenMeetings release in which that vulnerability has been fixed; the fixed release is named in each advisory below.<br /> <br /> For more information about reporting vulnerabilities, see the <a class="externalLink" href="">Apache Security Team</a> page.<br /> <br /> <a class="externalLink" href="">Vulnerability handling guide</a> </p>
<div class="section">
<h2 id="Reporting_New_Security_Problems">Reporting New Security Problems</h2>
<p> Please report any suspected security vulnerabilities privately to<br /> <br /> Please NOTE: only security issues should be reported to this list. Do not report security issues on the public mailing lists or in the public issue tracker, as doing so discloses them before a fix is available. </p>
<div class="section">
<h2 id="CVE-2016-8736_-_Apache_Openmeetings_RMI_Registry_Java_Deserialization_RCE">CVE-2016-8736 - Apache Openmeetings RMI Registry Java Deserialization RCE</h2>
<p>Severity: Moderate</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 3.1.0</p>
<p>Description: Apache OpenMeetings exposes an RMI registry. An attacker who can reach it can send a crafted serialized Java object that the server deserializes, resulting in remote code execution.<br /> <a class="externalLink" href="">CVE-2016-8736</a> </p>
<p>The issue was fixed in 3.1.2.<br /> All users are recommended to upgrade to Apache OpenMeetings 3.1.3. Until the upgrade is applied, the RMI registry should not be reachable from untrusted networks.</p>
<p>Credit: This issue was identified by Jacob Baines, Tenable Network Security</p>
<div class="section">
<h2 id="CVE-2016-3089_-_Apache_OpenMeetings_XSS_in_SWF_panel">CVE-2016-3089 - Apache OpenMeetings XSS in SWF panel</h2>
<p>Severity: Moderate</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 3.1.0</p>
<p>Description: The value of the URL's &quot;swf&quot; query parameter is interpolated into an inline &lt;script&gt; tag without being escaped, so a crafted link can inject arbitrary JavaScript that runs in the victim's browser (reflected XSS).<br /> <a class="externalLink" href="">CVE-2016-3089</a> </p>
<p>All users are recommended to upgrade to Apache OpenMeetings 3.1.2</p>
<p>Credit: This issue was identified by Matthew Daley</p>
<div class="section">
<h2 id="CVE-2016-0783_-_Predictable_password_reset_token">CVE-2016-0783 - Predictable password reset token</h2>
<p>Severity: Critical</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0</p>
<p>Description: The token used by the external password reset function is generated by concatenating the user name with the current system time and hashing the result with MD5. Both inputs are guessable, so an attacker who knows the user name of an OpenMeetings user can brute-force the token in seconds and reset that user's password.<br /> <a class="externalLink" href="">CVE-2016-0783</a> </p>
<p>All users are recommended to upgrade to Apache OpenMeetings 3.1.1</p>
<p>Credit: This issue was identified by Andreas Lindh</p>
<div class="section">
<h2 id="CVE-2016-0784_-_ZIP_file_path_traversal">CVE-2016-0784 - ZIP file path traversal</h2>
<p>Severity: Moderate</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0</p>
<p>Description: The Import/Export System Backups functionality in the OpenMeetings Administration menu (http://domain:5080/openmeetings/#admin/backup) is vulnerable to path traversal via specially crafted file names within ZIP archives. Uploading an archive containing an entry named ../../../public/hello.txt writes the file “hello.txt” into the http://domain:5080/openmeetings/public/ directory. This could be used to, for example, overwrite the /usr/bin/convert binary (or any other third-party integrated executable) with a shell script, which would then be executed the next time an image file is uploaded and ImageMagick is invoked. Exploitation requires access to the administration backup import.<br /> <a class="externalLink" href="">CVE-2016-0784</a> </p>
<p>All users are recommended to upgrade to Apache OpenMeetings 3.1.1</p>
<p>Credit: This issue was identified by Andreas Lindh</p>
<div class="section">
<h2 id="CVE-2016-2163_-_Stored_Cross_Site_Scripting_in_Event_description">CVE-2016-2163 - Stored Cross Site Scripting in Event description</h2>
<p>Severity: Moderate</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7</p>
<p>Description: When creating an event, it is possible to create clickable URL links in the event description. These links are shown inside the event details once a participant enters the room via the event. It is possible to create a link such as &quot;javascript:alert('xss')&quot;, which executes in the browser of any participant who clicks it. Because the link is placed within an &lt;a&gt; tag, the actual link target is not visible to the end user, which makes it hard to tell whether the link is legitimate.<br /> <a class="externalLink" href="">CVE-2016-2163</a> </p>
<p>All users are recommended to upgrade to Apache OpenMeetings 3.1.1</p>
<p>Credit: This issue was identified by Andreas Lindh</p>
<div class="section">
<h2 id="CVE-2016-2164_-_Arbitrary_file_read_via_SOAP_API">CVE-2016-2164 - Arbitrary file read via SOAP API</h2>
<p>Severity: Critical</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7</p>
<p>Description: When uploading a file via the SOAP API using the importFileByInternalUserId or importFile methods of the FileService, it is possible to read arbitrary files from the server's file system. The supplied location is passed to Java's URL class without checking which protocol handler is specified in the API call, so a local-file URL is accepted alongside remote ones.<br /> <a class="externalLink" href="">CVE-2016-2164</a> </p>
<p>All users are recommended to upgrade to Apache OpenMeetings 3.1.1</p>
<p>Credit: This issue was identified by Andreas Lindh</p>