Arbitrary File Read Vulnerability in Apache OpenMeetings SOAP API

CVE-2016-2164 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.
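The missing check described above, sketched in Java as an added example (not code from OpenMeetings or from its fix): the caller-supplied import URL is parsed and rejected unless its scheme is on an allowlist, before anything is opened. The class name, the `validateImportUrl` helper, the `http`/`https` allowlist and the sample inputs are assumptions made for illustration.

```java
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.Locale;
import java.util.Set;

public class ImportUrlCheck {
    // Assumption: an import-by-URL feature only needs to fetch over HTTP(S).
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");
    /** Hypothetical helper: returns a URL only if its scheme is allowlisted. */
    static URL validateImportUrl(String raw) {
        final URI uri;
        try {
            uri = new URI(raw.trim());
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("not a valid URI", e);
        }
        String scheme = uri.getScheme();
        // Schemes are case-insensitive, so normalise before comparing.
        if (scheme == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("scheme not allowed: " + scheme);
        }
        if (uri.getHost() == null) {
            throw new IllegalArgumentException("URL has no host");
        }
        try {
            return uri.toURL();
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException("cannot convert to URL", e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one remote document, then local-resource and relative forms.
        String[] samples = { "https://files.example.com/slides.pdf", "file:///etc/hostname",
                             "FILE:/etc/hostname", "jar:file:/tmp/a.jar!/x", "slides.pdf" };
        for (String s : samples) {
            try {
                System.out.println("accept " + validateImportUrl(s));
            } catch (IllegalArgumentException e) {
                System.out.println("reject " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

An allowlist is used rather than a blocklist of `file:` because the Java `URL` class resolves several built-in protocol handlers, and any handler not explicitly needed should fail closed.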