Description

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.

Remediation

References

http://openmeetings.apache.org/security.html

http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html

http://www.securityfocus.com/archive/1/537887/100/0/threaded

https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG

Related Vulnerabilities

CVE-2018-1000614 Vulnerability in maven package org.onosproject:onos-netconf-provider-alarm

CVE-2014-125087 Vulnerability in maven package com.jamesmurty.utils:java-xmlbuilder

CVE-2017-16008 Vulnerability in maven package org.webjars.bower:i18next

CVE-2017-4971 Vulnerability in maven package org.springframework.webflow:spring-webflow

CVE-2017-7545 Vulnerability in maven package org.jbpm:jbpm-designer-backend

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Vendor Advisory