The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2016-04-11T14:00:00
Updated: 2018-10-09T18:57:01
Reserved: 2016-01-29T00:00:00
Link: CVE-2016-2164
JSON object: View
NVD Information
Status : Modified
Published: 2016-04-11T14:59:09.410
Modified: 2018-10-09T19:59:35.053
Link: CVE-2016-2164
JSON object: View
Redhat Information
No data.
CWE