commit c5b23c382479279b6445ec4b2d2ba30473b11446
author Maxim Solodovnik <solomax@apache.org> Tue Nov 08 01:41:56 2016 +0000
committer Maxim Solodovnik <solomax@apache.org> Tue Nov 08 01:41:56 2016 +0000
tree f98d0d794aae738df3f0a7e0a9020c710f1b62e2
parent 9b38de26ae4600d98bedfb3d3a8e2988e048adf7

no jira: CVE-2016-8736 is announced

security.html

diff --git a/security.html b/security.html
index 21f040b..f0c7345 100644
--- a/security.html
+++ b/security.html
@@ -1,6 +1,6 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia Site Renderer 1.7.1 at 2016-09-23 
+ | Generated by Apache Maven Doxia Site Renderer 1.7.1 at 2016-11-08 
  | Rendered using Apache Maven Fluido Skin 1.5
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -8,7 +8,7 @@
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <meta name="author" content="Apache OpenMeetings Team" />
-    <meta name="Date-Revision-yyyymmdd" content="20160923" />
+    <meta name="Date-Revision-yyyymmdd" content="20161108" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Apache OpenMeetings Project &#x2013; Security Vulnerabilities</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.5.min.css" />
@@ -42,7 +42,7 @@
       <div id="breadcrumbs">
         <ul class="breadcrumb">
               
-                  <li id="publishDate">Last Published: 2016-09-23
+                  <li id="publishDate">Last Published: 2016-11-08
                    </li>
                       
               
@@ -785,6 +785,25 @@
 		</div>
 		
 <div class="section">
+<h2><a name="CVE-2016-8736_-_Apache_Openmeetings_RMI_Registry_Java_Deserialization_RCE"></a>CVE-2016-8736 - Apache Openmeetings RMI Registry Java Deserialization RCE</h2>
+			
+<p>Severity: Moderate</p>
+			
+<p>Vendor: The Apache Software Foundation</p>
+			
+<p>Versions Affected: Apache OpenMeetings 3.1.0</p>
+			
+<p>Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack<br />
+				<a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3089">CVE-2016-3089</a>
+			</p>
+			
+<p>The issue was fixed in 3.1.2<br />
+				All users are recommended to upgrade to Apache OpenMeetings 3.1.3</p>
+			
+<p>Credit: This issue was identified by Jacob Baines, Tenable Network Security</p>
+		</div>
+		
+<div class="section">
 <h2><a name="CVE-2016-3089_-_Apache_OpenMeetings_XSS_in_SWF_panel"></a>CVE-2016-3089 - Apache OpenMeetings XSS in SWF panel</h2>
 			
 <p>Severity: Moderate</p>