CVE-2016-0784

MEDIUM

Apache OpenMeetings <3.1.1 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.

Exploits (1)

exploitdb WRITEUP

by Andreas Lindh · textwebappslinux

https://www.exploit-db.com/exploits/39642

View Code ZIP pw:eip

References (7)

[Various Sources] http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code

[Patch, Vendor Advisory] http://openmeetings.apache.org/security.html

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/136484/Apache-OpenMeetings-3.1.0-Path-Traversal.html

[Vendor Advisory] https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/537929/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/39642/

[Mailing List] http://www.openwall.com/lists/oss-security/2016/03/25/2

Scores

CVSS v3 6.5

EPSS 0.0607

EPSS Percentile 90.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-22

Status draft

Affected Products (2)

apache/openmeetings < 3.1.0

org.apache.openmeetings/openmeetings-install < 3.1.1Maven

Timeline

Published Apr 11, 2016

Tracked Since Feb 18, 2026