PT-2013-5341 · Open Xchange+1 · Open-Xchange Appsuite+1
Tobias · Published 2013-09-05 · Updated 2013-10-08
CVE-2013-5035
CVSS v2.0: 4.9 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
HtmlCleaner versions prior to 2.6
Open-Xchange AppSuite version 7.2.2 before rev13
Description
Multiple race conditions, caused by a lack of thread safety, can be exploited by remote authenticated users to read the private e-mail of other persons. Exploitation is opportunistic: it depends on a rapid series of operations, such as mail-sending or draft-saving, taking place.
Recommendations
For HtmlCleaner versions prior to 2.6, update to version 2.6 or later to resolve the issue.
For Open-Xchange AppSuite version 7.2.2 before rev13, apply rev13 or later to fix the problem.
Exploit
Fix
Race Condition
Affected Products
Htmlcleaner
Open-Xchange Appsuite