PT-2017-17884 · Apache · Apache Openmeetings

Published: 2017-07-14 · Updated: 2022-05-13 · CVE-2017-7685

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Apache OpenMeetings version 1.0.0

Description
The issue concerns Apache OpenMeetings responding to insecure HTTP methods. Specifically, it responds to PUT, DELETE, HEAD, and PATCH methods.

Recommendations
For Apache OpenMeetings version 1.0.0, restrict access to the insecure HTTP methods to minimize the risk of exploitation. Consider disabling the PUT, DELETE, HEAD, and PATCH methods until a secure configuration or patch is available.
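
To confirm that a restriction like the one recommended above has taken effect on a server you operate, the following added example (not part of the advisory or of Apache OpenMeetings) sends each of the four methods and reports which ones the server still dispatches. The function names, the local test server and the choice of 403/405/501 as "refused" status codes are assumptions made for this illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

METHODS = ("PUT", "DELETE", "HEAD", "PATCH")  # methods named in the advisory
REFUSED = {403, 405, 501}  # assumption: these statuses mean the method was blocked


def probe_methods(host, port, path="/", timeout=5):
    """Return {method: (status, accepted)} for each method in METHODS."""
    results = {}
    for method in METHODS:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request(method, path)  # no body: only the dispatch matters
            resp = conn.getresponse()
            resp.read()
            results[method] = (resp.status, resp.status not in REFUSED)
        finally:
            conn.close()
    return results


class ConstructedHandler(BaseHTTPRequestHandler):
    """Constructed local target: dispatches PUT and HEAD, refuses the rest."""

    def _reply(self, code):
        self.send_response(code)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_PUT(self):
        self._reply(200)

    def do_HEAD(self):
        self._reply(200)

    def do_DELETE(self):
        self._reply(405)

    # PATCH has no handler, so the base class answers 501.

    def log_message(self, *args):
        pass  # keep the demo output quiet


def start_constructed_server():
    """Start the constructed target on a free loopback port."""
    server = HTTPServer(("127.0.0.1", 0), ConstructedHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    srv = start_constructed_server()
    for m, (status, ok) in probe_methods("127.0.0.1", srv.server_port).items():
        print(f"{m:6} {status} {'ACCEPTED' if ok else 'refused'}")
    srv.shutdown()
```

After applying a restriction, every method should come back as refused; any method still reported as accepted needs another look at the server or proxy configuration.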


Related Identifiers

CVE-2017-7685
GHSA-2C3P-9J5F-33G3

Affected Products

Apache Openmeetings