CVE-2017-7684 - OpenCVE

Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Openmeetings

Configuration 1 [-]

OR	cpe:2.3:a:apache:openmeetings:1.0.0:::::::*
	cpe:2.3:a:apache:openmeetings:2.0:::::::*
	cpe:2.3:a:apache:openmeetings:2.1:::::::*
	cpe:2.3:a:apache:openmeetings:2.1.1:::::::*
	cpe:2.3:a:apache:openmeetings:2.2.0:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.0:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.1:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.2:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.3:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.4:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.5:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.6:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.7:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.0:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.1:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.2:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.3:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.4:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.5:::::::*
	cpe:2.3:a:apache:openmeetings:3.2.0:::::::*
	cpe:2.3:a:apache:openmeetings:3.2.1:::::::*

References

Link	Resource
http://markmail.org/message/v6dpmrdd6cgg66up	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/99584	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2017-07-13T00:00:00

Updated: 2017-07-15T09:57:01

Reserved: 2017-04-11T00:00:00

Link: CVE-2017-7684

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-07-17T13:18:29.987

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-7684

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"containers": {"cna": {"affected": [{"product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "1.0.0"}]}], "datePublic": "2017-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server."}], "problemTypes": [{"descriptions": [{"description": "Insecure File Upload", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-15T09:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "99584", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99584"}, {"name": "[user] 20170713 CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://markmail.org/message/v6dpmrdd6cgg66up"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-07-13T00:00:00", "ID": "CVE-2017-7684", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache OpenMeetings", "version": {"version_data": [{"version_value": "1.0.0"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insecure File Upload"}]}]}, "references": {"reference_data": [{"name": "99584", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99584"}, {"name": "[user] 20170713 CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload", "refsource": "MLIST", "url": "http://markmail.org/message/v6dpmrdd6cgg66up"}]}}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-7684", "datePublished": "2017-07-13T00:00:00", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2017-07-15T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72B6167B-E822-4146-87F2-E2769DC85F99", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CDA54EE-9AE1-4551-8C24-D2077515029C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB137AFF-1BB8-4FFC-9247-376718AAFEB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E44AAC6C-13E1-423B-BB4C-4C92B763DE34", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "268D5F6C-F1E8-400B-8D79-A79A9481DFDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "94BB2711-23CA-4FA5-8868-664A839F7EAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "96D13854-BD10-4404-89A7-F6D398680628", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3EC465AB-5CA6-4C97-8544-59D3236A7123", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC811824-EA8F-49F6-B732-10731A1BC0EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AFF29DC-46BA-4505-A921-42C783BC4C8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "085A80B3-B880-428D-AF1D-BED61C31E304", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46036494-F97D-4C02-A630-102D9E7DE2CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A2C208B6-E86A-4F73-B078-BA47BA1B162D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "331EDEB7-D823-43C6-9D8B-E872F921A328", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8D44A5F-C7BD-4CC2-9065-179FA92301C9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server."}, {"lang": "es", "value": "Apache OpenMeetings versi\u00f3n 1.0.0, no comprueba el contenido de los archivos que se est\u00e1n cargando. Un atacante puede causar una denegaci\u00f3n de servicio mediante la carga de m\u00faltiples archivos grandes en el servidor."}], "id": "CVE-2017-7684", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-17T13:18:29.987", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://markmail.org/message/v6dpmrdd6cgg66up"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99584"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}