CVE-2017-7684

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

7.5HIGH

EPSS

1.5%

top 18.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Openmeetings Apache Openmeetings

Timeline

PublishedJul 17

Latest updateMay 13

Description

Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.apache.openmeetings:openmeetings-parent1.0.0 — 3.3.0

▶NVDapache/openmeetings21 versions+20

▶CVEListV5apache_software_foundation/apache_openmeetings1.0.0

🔴Vulnerability Details

OSV

Apache OpenMeetings vulnerable to Uncontrolled Resource Consumption↗2022-05-13

▶

GHSA

Apache OpenMeetings vulnerable to Uncontrolled Resource Consumption↗2022-05-13

▶

CVEList

CVE-2017-7684: Apache OpenMeetings 1↗2017-07-14

▶