PT-2014-4676 · Open Xchange · Open-Xchange Appsuite

Publicado

2014-04-17

Atualizado

2014-04-24

CVE-2014-2392

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Open-Xchange AppSuite versions prior to 7.2.2-rev20 Open-Xchange AppSuite versions prior to 7.4.1-rev11 Open-Xchange AppSuite versions prior to 7.4.2-rev13

Description The E-Mail autoconfiguration feature in Open-Xchange AppSuite places a password in a GET request. This allows remote attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history.

Recommendations For versions prior to 7.2.2-rev20, update to version 7.2.2-rev20 or later. For versions prior to 7.4.1-rev11, update to version 7.4.1-rev11 or later. For versions prior to 7.4.2-rev13, update to version 7.4.2-rev13 or later.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2014-2392

Produtos afetados

Open-Xchange Appsuite

PT-2014-4676 · Open Xchange · Open-Xchange Appsuite

CVE-2014-2392

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3