Security Advisory: 2017-02-02

##OpenMRS Security Advisory##

Severity: Low Exploit: allows anonymous users to see which module versions are installed

This exploit does not directly allow any attacks. It gives an attacker additional information about available attack surfaces.

##What versions are affected##

  • REST Web Services module, versions 2.15 and 2.16.
  • OpenMRS Platform, versions 2.0.1, 2.0.2, and 2.0.3
  • OpenMRS Reference Application, version 2.5


Anyone running versions 2.15 or 2.16 of the REST Web Services module should upgrade to the latest released version of the module (version 2.17 or above), which is available here.

This includes anyone who installed the most recent maintenance release of OpenMRS Platform or the most recent release of OpenMRS Reference Application.


This topic was automatically closed after 60 minutes. New replies are no longer allowed.