Apache OpenMeetings is vulnerable to denial of service. The vulnerability exists in NetTestWebService.java
because the net test client count and max upload file size is not limited which leads to an application crash.
CPE | Name | Operator | Version |
---|---|---|---|
openmeetings | le | 6.2.0-RC3 | |
openmeetings | le | 6.2.0-RC3 |
packetstormsecurity.com/files/160186/Apache-OpenMeetings-5.0.0-Denial-Of-Service.html
github.com/advisories/GHSA-g37q-26qx-8v2m
github.com/apache/openmeetings/commit/060a3114ad759931aeb42cd9afa9d1ebb39d3075
github.com/apache/openmeetings/commit/afe26c950b127776f2dfe920abff41a584874de8
github.com/apache/openmeetings/commit/cbdfd2f9731a8fe3daa9b4adf5da4a063fde161d
issues.apache.org/jira/browse/OPENMEETINGS-2551
lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E
lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E
lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E
openmeetings.apache.org/security.html#cve-2021-27576---apache-openmeetings-bandwidth-can