CVE-2017-7684

Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://markmail.org/message/v6dpmrdd6cgg66up	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/99584	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:openmeetings:1.0.0:::::::*
	cpe:2.3:a:apache:openmeetings:2.0:::::::*
	cpe:2.3:a:apache:openmeetings:2.1:::::::*
	cpe:2.3:a:apache:openmeetings:2.1.1:::::::*
	cpe:2.3:a:apache:openmeetings:2.2.0:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.0:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.1:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.2:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.3:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.4:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.5:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.6:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.7:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.0:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.1:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.2:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.3:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.4:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.5:::::::*
	cpe:2.3:a:apache:openmeetings:3.2.0:::::::*
	cpe:2.3:a:apache:openmeetings:3.2.1:::::::*

History

No history.

Information

Published : 2017-07-17 13:18

Updated : 2024-02-28 16:04

NVD link : CVE-2017-7684

Mitre link : CVE-2017-7684

CVE.ORG link : CVE-2017-7684

JSON object : View

Products Affected

apache

openmeetings

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2017-7684", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-07-17T13:18:29.987", "references": [{"url": "http://markmail.org/message/v6dpmrdd6cgg66up", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "http://www.securityfocus.com/bid/99584", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server."}, {"lang": "es", "value": "Apache OpenMeetings versi\u00f3n 1.0.0, no comprueba el contenido de los archivos que se est\u00e1n cargando. Un atacante puede causar una denegaci\u00f3n de servicio mediante la carga de m\u00faltiples archivos grandes en el servidor."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72B6167B-E822-4146-87F2-E2769DC85F99"}, {"criteria": "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CDA54EE-9AE1-4551-8C24-D2077515029C"}, {"criteria": "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB137AFF-1BB8-4FFC-9247-376718AAFEB2"}, {"criteria": "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9"}, {"criteria": "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E44AAC6C-13E1-423B-BB4C-4C92B763DE34"}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "268D5F6C-F1E8-400B-8D79-A79A9481DFDE"}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8"}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB"}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943"}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94BB2711-23CA-4FA5-8868-664A839F7EAA"}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C"}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96D13854-BD10-4404-89A7-F6D398680628"}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EC465AB-5CA6-4C97-8544-59D3236A7123"}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1"}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC811824-EA8F-49F6-B732-10731A1BC0EF"}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AFF29DC-46BA-4505-A921-42C783BC4C8F"}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "085A80B3-B880-428D-AF1D-BED61C31E304"}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46036494-F97D-4C02-A630-102D9E7DE2CE"}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2C208B6-E86A-4F73-B078-BA47BA1B162D"}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "331EDEB7-D823-43C6-9D8B-E872F921A328"}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8D44A5F-C7BD-4CC2-9065-179FA92301C9"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}