CVE-2021-27576

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

7.5HIGH

EPSS

4.5%

top 10.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Openmeetings Apache Openmeetings

Timeline

PublishedMar 15

Latest updateJun 16

Description

If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5apache_software_foundation/apache_openmeetings4.0.0 — Apache OpenMeetings 4*+1

▶NVDapache/openmeetings4.0.0 — 6.0.0

▶Mavenorg.apache.openmeetings:openmeetings-parent4.0.0 — 6.0.0

🔴Vulnerability Details

OSV

Uncontrolled Resource Consumption in Apache OpenMeetings server↗2021-06-16

▶

GHSA

Uncontrolled Resource Consumption in Apache OpenMeetings server↗2021-06-16

▶

CVEList

Apache OpenMeetings: bandwidth can be overloaded with public web service↗2021-03-15

▶