====================================================================

                                CERT-Renater

                    Note d'Information No. 2016/VULN388
_____________________________________________________________________

DATE                : 15/11/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Openmeetings versions 3.1
                                   prior to 3.1.2.

=====================================================================
http://mail-archives.apache.org/mod_mbox/www-announce/201611.mbox/%3cCAJmbs8i2AFb9ddx2HDSea-XLkR7rRFeM05epxtQzDzSa6ZST3A@mail.gmail.com%3e
____________________________________________________________________

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 3.1.0

Description: Apache Openmeetings is vulnerable to Remote Code
Execution via RMI deserialization attack

The issue was fixed in 3.1.2

All users are recommended to upgrade to Apache OpenMeetings 3.1.3

Credit: This issue was identified by Jacob Baines, Tenable Network
Security

Apache OpenMeetings Team


==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================