CVE-2020-13951
published 2020-09-30CVE-2020-13951: Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.
PriorityP264high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
69.06%
99.3th percentile
Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | openmeetings | 4.0.0 – 5.0.0 | — |
Detection & IOCsextracted from sources · hover to see the quote
url/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?3-1.0-panel~main&app=network&navigatorAppName=Netscape&navigatorAppVersion=5.0 (Windows)&navigatorAppCodeName=Mozilla&navigatorCookieEnabled=true&navigatorJavaEnabled=false&navigatorLanguage=en-US&navigatorPlatform=Win32&navigatorUserAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0&screenWidth=1920&screenHeight=1080&screenColorDepth=24&jsTimeZone=Asia/Ho_Chi_Minh&utcOffset=7&utcDSTOffset=7&browserWidth=1920&browserHeight=966&hostname=x.x.x.x;ls&codebase=https://x.x.x.x:5443/openmeetings/hash&settings=[object Object]&_=1597801817026↗
- →Monitor GET requests to the NetTest/HashPage endpoint targeting the 'hostname' parameter with semicolon-delimited command injection payloads (e.g., ';ls'), which abuse the public NetTest web service to trigger DoS. ↗
- →The exploit targets the 'app=network' parameter context within the HashPage endpoint; correlate with the 'codebase' parameter pointing to port 5443 to identify exploitation attempts against Apache OpenMeetings instances. ↗
- ·The affected versions span Apache OpenMeetings 4.0.0 through 5.0.0; the NetTest web service endpoint is publicly accessible without authentication, making it exploitable without credentials. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Denial of service in Apache OpenMeetings
ghsa·2022-02-10
CVE-2020-13951 [HIGH] CWE-400 Denial of service in Apache OpenMeetings
Denial of service in Apache OpenMeetings
Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.
OSV
Denial of service in Apache OpenMeetings
osv·2022-02-10
CVE-2020-13951 [HIGH] Denial of service in Apache OpenMeetings
Denial of service in Apache OpenMeetings
Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/160186/Apache-OpenMeetings-5.0.0-Denial-Of-Service.htmlhttps://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3Ehttp://packetstormsecurity.com/files/160186/Apache-OpenMeetings-5.0.0-Denial-Of-Service.htmlhttps://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E
2020-09-30
Published