Posted to commits@openmeetings.apache.org by so...@apache.org on 2016/11/08 01:41:56 UTC
svn commit: r1768618 - in /openmeetings:
application/branches/3.1.x/openmeetings-server/src/site/xdoc/
application/branches/3.2.x/openmeetings-server/src/site/xdoc/
application/trunk/openmeetings-server/src/site/xdoc/ site/trunk/
Author: solomax
Date: Tue Nov 8 01:41:56 2016
New Revision: 1768618
URL: http://svn.apache.org/viewvc?rev=1768618&view=rev
Log:
no jira: CVE-2016-8736 is announced
Modified:
openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/security.xml
openmeetings/application/branches/3.2.x/openmeetings-server/src/site/xdoc/security.xml
openmeetings/application/trunk/openmeetings-server/src/site/xdoc/security.xml
openmeetings/site/trunk/security.html
Modified: openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/security.xml
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/security.xml?rev=1768618&r1=1768617&r2=1768618&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/security.xml (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/security.xml Tue Nov 8 01:41:56 2016
@@ -39,6 +39,17 @@
Please NOTE: only security issues should be reported to this list.
</p>
</section>
+ <section name="CVE-2016-8736 - Apache Openmeetings RMI Registry Java Deserialization RCE">
+ <p>Severity: Moderate</p>
+ <p>Vendor: The Apache Software Foundation</p>
+ <p>Versions Affected: Apache OpenMeetings 3.1.0</p>
+ <p>Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack<br/>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3089">CVE-2016-3089</a>
+ </p>
+ <p>The issue was fixed in 3.1.2<br/>
+ All users are recommended to upgrade to Apache OpenMeetings 3.1.3</p>
+ <p>Credit: This issue was identified by Jacob Baines, Tenable Network Security</p>
+ </section>
<section name="CVE-2016-3089 - Apache OpenMeetings XSS in SWF panel">
<p>Severity: Moderate</p>
<p>Vendor: The Apache Software Foundation</p>
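Review bot: The link inside the new CVE-2016-8736 description points at the wrong advisory. Both the href (`cvename.cgi?name=CVE-2016-3089`) and the link text read CVE-2016-3089, which is the XSS entry that follows this section. Change both to CVE-2016-8736 so that readers of the RMI deserialization entry land on the matching CVE record.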
Modified: openmeetings/application/branches/3.2.x/openmeetings-server/src/site/xdoc/security.xml
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.2.x/openmeetings-server/src/site/xdoc/security.xml?rev=1768618&r1=1768617&r2=1768618&view=diff
==============================================================================
--- openmeetings/application/branches/3.2.x/openmeetings-server/src/site/xdoc/security.xml (original)
+++ openmeetings/application/branches/3.2.x/openmeetings-server/src/site/xdoc/security.xml Tue Nov 8 01:41:56 2016
@@ -39,6 +39,17 @@
Please NOTE: only security issues should be reported to this list.
</p>
</section>
+ <section name="CVE-2016-8736 - Apache Openmeetings RMI Registry Java Deserialization RCE">
+ <p>Severity: Moderate</p>
+ <p>Vendor: The Apache Software Foundation</p>
+ <p>Versions Affected: Apache OpenMeetings 3.1.0</p>
+ <p>Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack<br/>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3089">CVE-2016-3089</a>
+ </p>
+ <p>The issue was fixed in 3.1.2<br/>
+ All users are recommended to upgrade to Apache OpenMeetings 3.1.3</p>
+ <p>Credit: This issue was identified by Jacob Baines, Tenable Network Security</p>
+ </section>
<section name="CVE-2016-3089 - Apache OpenMeetings XSS in SWF panel">
<p>Severity: Moderate</p>
<p>Vendor: The Apache Software Foundation</p>
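Review bot: The version information in this entry leaves 3.1.1 unaccounted for: "Versions Affected" names only Apache OpenMeetings 3.1.0, the fix is stated as 3.1.2, and the recommended upgrade is 3.1.3. State the affected range explicitly and say why the recommended release differs from the fixed one, so operators on intermediate releases can tell whether they are exposed. In this copy, too, the link under the CVE-2016-8736 section has href and text for CVE-2016-3089 and should name CVE-2016-8736.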
Modified: openmeetings/application/trunk/openmeetings-server/src/site/xdoc/security.xml
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-server/src/site/xdoc/security.xml?rev=1768618&r1=1768617&r2=1768618&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-server/src/site/xdoc/security.xml (original)
+++ openmeetings/application/trunk/openmeetings-server/src/site/xdoc/security.xml Tue Nov 8 01:41:56 2016
@@ -39,6 +39,17 @@
Please NOTE: only security issues should be reported to this list.
</p>
</section>
+ <section name="CVE-2016-8736 - Apache Openmeetings RMI Registry Java Deserialization RCE">
+ <p>Severity: Moderate</p>
+ <p>Vendor: The Apache Software Foundation</p>
+ <p>Versions Affected: Apache OpenMeetings 3.1.0</p>
+ <p>Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack<br/>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3089">CVE-2016-3089</a>
+ </p>
+ <p>The issue was fixed in 3.1.2<br/>
+ All users are recommended to upgrade to Apache OpenMeetings 3.1.3</p>
+ <p>Credit: This issue was identified by Jacob Baines, Tenable Network Security</p>
+ </section>
<section name="CVE-2016-3089 - Apache OpenMeetings XSS in SWF panel">
<p>Severity: Moderate</p>
<p>Vendor: The Apache Software Foundation</p>
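Review bot: "Severity: Moderate" sits oddly next to a section name and description that both say Remote Code Execution, and the entry gives no reason for the rating. If the rating rests on a precondition, add one sentence saying so; otherwise reconsider it. The product name is also spelled "Apache Openmeetings" in the section name and description but "Apache OpenMeetings" in the Versions Affected line and in the neighbouring section name, so use the latter throughout.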
Modified: openmeetings/site/trunk/security.html
URL: http://svn.apache.org/viewvc/openmeetings/site/trunk/security.html?rev=1768618&r1=1768617&r2=1768618&view=diff
==============================================================================
--- openmeetings/site/trunk/security.html (original)
+++ openmeetings/site/trunk/security.html Tue Nov 8 01:41:56 2016
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.7.1 at 2016-09-23
+ | Generated by Apache Maven Doxia Site Renderer 1.7.1 at 2016-11-08
| Rendered using Apache Maven Fluido Skin 1.5
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -8,7 +8,7 @@
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="author" content="Apache OpenMeetings Team" />
- <meta name="Date-Revision-yyyymmdd" content="20160923" />
+ <meta name="Date-Revision-yyyymmdd" content="20161108" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache OpenMeetings Project – Security Vulnerabilities</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5.min.css" />
@@ -42,7 +42,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2016-09-23
+ <li id="publishDate">Last Published: 2016-11-08
</li>
@@ -785,6 +785,25 @@
</div>
<div class="section">
+<h2><a name="CVE-2016-8736_-_Apache_Openmeetings_RMI_Registry_Java_Deserialization_RCE"></a>CVE-2016-8736 - Apache Openmeetings RMI Registry Java Deserialization RCE</h2>
+
+<p>Severity: Moderate</p>
+
+<p>Vendor: The Apache Software Foundation</p>
+
+<p>Versions Affected: Apache OpenMeetings 3.1.0</p>
+
+<p>Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack<br />
+ <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3089">CVE-2016-3089</a>
+ </p>
+
+<p>The issue was fixed in 3.1.2<br />
+ All users are recommended to upgrade to Apache OpenMeetings 3.1.3</p>
+
+<p>Credit: This issue was identified by Jacob Baines, Tenable Network Security</p>
+ </div>
+
+<div class="section">
<h2><a name="CVE-2016-3089_-_Apache_OpenMeetings_XSS_in_SWF_panel"></a>CVE-2016-3089 - Apache OpenMeetings XSS in SWF panel</h2>
<p>Severity: Moderate</p>
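Review bot: The rendered page reproduces the mislinked reference from the xdoc source: under the CVE-2016-8736 heading, the `externalLink` anchor has both href and text for CVE-2016-3089. Since the file header says this page is generated by the Doxia Site Renderer, correct the link in security.xml and regenerate the site rather than patching the HTML by hand, so the source and the published page do not drift apart.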