Showing 1 - 1 of 1

CVE-2016-2164

Status Candidate

Overview

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.

Related Files

Apache OpenMeetings 3.0.7 Arbitary File Read: Posted Mar 25, 2016; Authored by Andreas Lindh; When attempting to upload a file via the API using the importFileByInternalUserId or importFile methods in the FileService, it is possible to read arbitrary files from the system. This is due to that Java's URL class is used without checking what protocol handler is specified in the API call. Apache OpenMeetings versions 1.9.x through 3.0.7 are affected.; tags | advisory, java, arbitrary, protocol; advisories | CVE-2016-2164; SHA-256 | c8dd487b97e1b03e9a3818c01b947705ae5bdeec150494b208e77bfa5c1dd41f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 251 files
Ubuntu 59 files
LiquidWorm 28 files
indoushka 20 files
Debian 18 files
Apple 10 files
Google Security Research 5 files
Chokri Hammedi 3 files
Alter Prime 3 files
Emiliano Febbi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,153)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,749)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,187)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,958)
UNIX (9,472)
UnixWare (188)
Windows (6,784)
Other

CVE-2016-2164

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems