====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN546
_____________________________________________________________________

DATE                : 28/09/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Openmeetings versions prior
                                        to 5.0.1.

=====================================================================
http://mail-archives.apache.org/mod_mbox/openmeetings-user/202009.mbox/%3cCAJmbs8gwABHu-mqC06BHkapyfZFEJ0Ki9jbP7HHhfPKFS80nmg@mail.gmail.com%3e
_____________________________________________________________________

Severity: High

Vendor: The Apache Software Foundation

Versions Affected: 4.0.0 - 5.0.0

Description: NetTest web service can be used to perform Denial of
Service attack
CVE-2020-13951

The issue was fixed in 5.0.1
All users are recommended to upgrade to Apache OpenMeetings 5.0.1

Credit: This issue was identified by Trung Le, Chi Tran, Ngo Van Thien


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================