PT-2017-17884 · Apache · Apache Openmeetings

Publicado

2017-07-14

Atualizado

2022-05-13

CVE-2017-7685

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache OpenMeetings version 1.0.0

Description The issue concerns Apache OpenMeetings responding to insecure HTTP methods. Specifically, it responds to PUT, DELETE, HEAD, and PATCH methods.

Recommendations For Apache OpenMeetings version 1.0.0, restrict access to the insecure HTTP methods to minimize the risk of exploitation. Consider disabling the PUT, DELETE, HEAD, and PATCH methods until a secure configuration or patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2017-7685

GHSA-2C3P-9J5F-33G3

Produtos afetados

Apache Openmeetings

PT-2017-17884 · Apache · Apache Openmeetings

CVE-2017-7685

Identificadores relacionados

Produtos afetados

Referências · 6