CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.8 Medium (Confidence: High)
EPSS: 0.146 Low (Percentile: 95.8%)

Apache OpenMeetings is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
CPE = "cpe:/a:apache:openmeetings";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.112065");
  script_version("2023-03-31T10:19:34+0000");
  script_tag(name:"last_modification", value:"2023-03-31 10:19:34 +0000 (Fri, 31 Mar 2023)");
  script_tag(name:"creation_date", value:"2017-10-05 15:09:22 +0200 (Thu, 05 Oct 2017)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-10-09 19:58:00 +0000 (Tue, 09 Oct 2018)");
  script_cve_id("CVE-2016-0783", "CVE-2016-0784", "CVE-2016-2163", "CVE-2016-2164");
  script_tag(name:"qod_type", value:"remote_banner");
  script_tag(name:"solution_type", value:"VendorFix");
  script_name("Apache OpenMeetings < 3.1.1 Multiple Vulnerabilities");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_apache_openmeetings_http_detect.nasl");
  script_mandatory_keys("apache/openmeetings/detected");
  script_tag(name:"summary", value:"Apache OpenMeetings is prone to multiple vulnerabilities.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"insight", value:"The following vulnerabilities exist:
- CVE-2016-0783: The hash generated by the external password reset function is generated by
concatenating the user name and the current system time, and then hashing it using MD5. This is
highly predictable and can be cracked in seconds by an attacker with knowledge of the user name
of an OpenMeetings user.
- CVE-2016-0784: The Import/Export System Backups functionality in the OpenMeetings
Administration menu is vulnerable to path traversal via specially crafted file names within ZIP
archives.
- CVE-2016-2163: When creating an event, it is possible to create clickable URL links in the
event description. These links will be present inside the event details once a participant enters
the room via the event. It is possible to create a link like 'javascript:alert('xss')', which
will execute once the link is clicked. As the link is placed within an <a> tag, the actual link
is not visible to the end user which makes it hard to tell if the link is legit or not.
- CVE-2016-2164: When attempting to upload a file via the API using the importFileByInternalUserId
or importFile methods in the FileService, it is possible to read arbitrary files from the system.
This happens because Java's URL class is used without checking which protocol handler is specified
in the API call.");
  script_tag(name:"affected", value:"Apache OpenMeetings prior to version 3.1.1.");
  script_tag(name:"solution", value:"Update to version 3.1.1 or later.");
  script_xref(name:"URL", value:"https://openmeetings.apache.org/security.html");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

# Port of the OpenMeetings instance registered by the detection script
if (!port = get_app_port(cpe: CPE))
  exit(0);

# Detected version and install location; stop if no version was extracted
if (!infos = get_app_version_and_location(cpe: CPE, port:port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

# Any version below the fixed release 3.1.1 is reported as vulnerable
if (version_is_less(version: version, test_version: "3.1.1")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "3.1.1", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

# Installed version is 3.1.1 or later: not affected
exit(99);