
Apache OpenMeetings < 3.3.0 Multiple Vulnerabilities (CVE-2017-7666, CVE-2017-7673, CVE-2017-7680, CVE-2017-7681, CVE-2017-7683, CVE-2017-7684, CVE-2017-7685, CVE-2017-7688)

Severity
CVSSv3 Score
7.5
Vulnerability description

Apache OpenMeetings is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist:

- CVE-2017-7666: Cross-site request forgery (CSRF), cross-site scripting (XSS), click-jacking and MIME-based attacks
- CVE-2017-7673: Use of not very strong cryptographic storage; captcha is not used in the registration and forgot-password dialogs; authentication forms lack brute-force protection
- CVE-2017-7680: Overly permissive crossdomain.xml file, which allows Flash content to be loaded from untrusted domains
- CVE-2017-7681: SQL injection (SQLi)
- CVE-2017-7683: Displays the Tomcat version and a detailed error stack trace
- CVE-2017-7684: Denial of service (DoS)
- CVE-2017-7685: Responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH
- Updates user passwords in an insecure manner

Recommendation

Update to version 3.3.0 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jul 17, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available