CVE-2017-7664
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
Known Affected Software
8 configuration(s) from 1 vendor(s)
openmeetings
Version:
3.1.2
CPE:
cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*
openmeetings
Version:
3.2.1
CPE:
cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*
openmeetings
Version:
3.1.5
CPE:
cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*
openmeetings
Version:
3.1.4
CPE:
cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*
openmeetings
Version:
3.1.0
CPE:
cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*
openmeetings
Version:
3.1.1
CPE:
cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*
openmeetings
Version:
3.2.0
CPE:
cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*
openmeetings
Version:
3.1.3
CPE:
cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*
This vulnerability affects 8 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://markmail.org/message/cwr552iapmhukb45security@apache.org Mailing List Third Party Advisory
-
http://www.securityfocus.com/bid/99576security@apache.org Third Party Advisory VDB Entry
-
http://markmail.org/message/cwr552iapmhukb45af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.securityfocus.com/bid/99576af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-611
Improper Restriction of XML External Entity Reference
- Description
- The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
- Typical Severity
- Medium
- Abstraction Level
- Base
Key Information
- Published Date
- July 17, 2017
