CVE-2017-7684
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.
Known Affected Software
21 configuration(s) from 1 vendor(s)
openmeetings
Version:
2.2.0
CPE:
cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*
openmeetings
Version:
3.0.7
CPE:
cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*
openmeetings
Version:
3.1.2
CPE:
cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*
openmeetings
Version:
2.0
CPE:
cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*
openmeetings
Version:
3.2.1
CPE:
cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*
openmeetings
Version:
3.1.5
CPE:
cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*
openmeetings
Version:
1.0.0
CPE:
cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*
openmeetings
Version:
3.1.4
CPE:
cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*
openmeetings
Version:
3.1.0
CPE:
cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*
openmeetings
Version:
2.1.1
CPE:
cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*
openmeetings
Version:
3.0.3
CPE:
cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*
openmeetings
Version:
3.0.6
CPE:
cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*
openmeetings
Version:
3.0.0
CPE:
cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*
openmeetings
Version:
3.0.5
CPE:
cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*
openmeetings
Version:
3.0.2
CPE:
cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*
openmeetings
Version:
3.0.1
CPE:
cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*
openmeetings
Version:
2.1
CPE:
cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*
openmeetings
Version:
3.0.4
CPE:
cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*
openmeetings
Version:
3.1.1
CPE:
cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*
openmeetings
Version:
3.2.0
CPE:
cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*
openmeetings
Version:
3.1.3
CPE:
cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*
This vulnerability affects 21 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://markmail.org/message/v6dpmrdd6cgg66upsecurity@apache.org Mailing List Third Party Advisory
-
http://www.securityfocus.com/bid/99584security@apache.org Third Party Advisory VDB Entry
-
http://markmail.org/message/v6dpmrdd6cgg66upaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.securityfocus.com/bid/99584af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-400
Uncontrolled Resource Consumption
- Description
- The product does not properly control the allocation and maintenance of a limited resource.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- July 17, 2017
