Test ID: | 1.3.6.1.4.1.25623.1.0.803182 |
Category: | Web application abuses |
Title: | Open-Xchange Server Multiple Vulnerabilities |
Summary: | This host is running Open-Xchange Server and is prone to multiple vulnerabilities. |
Description: |
Summary: This host is running Open-Xchange Server and is prone to multiple vulnerabilities.

Vulnerability Insight:
- Input passed via arbitrary GET parameters to /servlet/TestServlet is not properly sanitized before being returned to the user.
- Input related to the 'Source' field when creating subscriptions is not properly sanitized before being used. This can be exploited to perform arbitrary HTTP GET requests to remote and local servers.
- The OXUpdater component does not properly validate the SSL certificate of an update server. This can be exploited to spoof update packages via a MitM (Man-in-the-Middle) attack.
- The application creates the /opt/open-exchange/etc directory with insecure world-readable permissions. This can be exploited to disclose certain sensitive information.
- Input passed via the 'location' GET parameter to /ajax/redirect is not properly sanitized before being used to construct HTTP response headers.
- Certain input related to RSS feed contents is not properly sanitized before being used. This can be exploited to insert arbitrary HTML and script code.

Vulnerability Impact: Successful exploitation will allow an attacker to execute arbitrary HTML or web script in a user's browser session in the context of an affected site, compromise the application and access or modify data in the database.

Affected Software/OS: Open-Xchange Server versions prior to 6.20.7-rev14, 6.22.0-rev13 and 6.22.1-rev14.

Solution: Update to versions 6.20.7-rev14, 6.22.0-rev13, or 6.22.1-rev14.

CVSS Score: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N |
Cross-reference: |
BugTraq ID: 58465
BugTraq ID: 58473
BugTraq ID: 58475
BugTraq ID: 58469
BugTraq ID: 58470
Common Vulnerability Exposure (CVE) ID: CVE-2013-1646
Bugtraq: 20130313 Open-Xchange Security Advisory 2013-03-13
http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-1647
Common Vulnerability Exposure (CVE) ID: CVE-2013-1648
Common Vulnerability Exposure (CVE) ID: CVE-2013-1650
Common Vulnerability Exposure (CVE) ID: CVE-2013-1651 |
Copyright | Copyright (C) 2013 Greenbone Networks GmbH |