CVE-2020-13951
published 2020-09-30

CVE-2020-13951: Attackers can use the public NetTest web service of Apache OpenMeetings 4.0.0 through 5.0.0 to mount a denial of service attack.

Priority: P2 (64, high)
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Tags: EXPLOIT
EPSS: 69.06% (99.3th percentile)

Affected (1 range)

Vendor: apache
Product: openmeetings
Version range: 4.0.0 – 5.0.0
Fixed in: not given

Detection & IOCs (extracted from sources)

URL: /openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?3-1.0-panel~main&app=network&navigatorAppName=Netscape&navigatorAppVersion=5.0 (Windows)&navigatorAppCodeName=Mozilla&navigatorCookieEnabled=true&navigatorJavaEnabled=false&navigatorLanguage=en-US&navigatorPlatform=Win32&navigatorUserAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0&screenWidth=1920&screenHeight=1080&screenColorDepth=24&jsTimeZone=Asia/Ho_Chi_Minh&utcOffset=7&utcDSTOffset=7&browserWidth=1920&browserHeight=966&hostname=x.x.x.x;ls&codebase=https://x.x.x.x:5443/openmeetings/hash&settings=[object Object]&_=1597801817026
Path: /openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage
Command: hostname=x.x.x.x;ls
Port: 5443
  • Monitor GET requests to the NetTest/HashPage endpoint that carry semicolon-delimited command injection payloads in the 'hostname' parameter (e.g., ';ls'); these abuse the public NetTest web service to trigger a DoS.
  • The exploit targets the 'app=network' parameter context within the HashPage endpoint; correlate with a 'codebase' parameter pointing to port 5443 to identify exploitation attempts against Apache OpenMeetings instances.
  • The affected versions span Apache OpenMeetings 4.0.0 through 5.0.0; the NetTest web service endpoint is publicly accessible without authentication, so the flaw is exploitable without credentials.

CVSS provenance

NVD, CVSS v3.1: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
NVD, CVSS v2.0: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P)