PT-2016-5403 · Open Xchange · Open-Xchange Appsuite

Published: 2016-12-15 · Updated: 2018-10-19 · CVE-2016-3174

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Open-Xchange OX AppSuite versions prior to 7.8.0-rev27

Description

Because of missing checks, the "defer" servlet accepts arbitrary URLs as redirection targets. A user who follows a link to a trustworthy domain can therefore end up at an unexpected service, which can make phishing attacks more convincing.

Recommendations

For versions prior to 7.8.0-rev27, update to version 7.8.0-rev27 or later to resolve the issue. As a temporary workaround, consider restricting access to the "defer" servlet to minimize the risk of exploitation.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2016-3174

Affected Products

Open-Xchange Appsuite