CVE-2014-5237

Severity

43%

Complexity

86%

Confidentiality

48%

CWE-918: Server-Side Request Forgery (SSRF)

Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.

CWE-918: Server-Side Request Forgery (SSRF)

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

Type

Open-Xchange App Suite

First reported 10 years ago

2014-12-01 15:59:00

Last updated 6 years ago

2018-12-18 14:42:00

Affected Software

Open-Xchange App Suite 7.4.2 Rev6

7.4.2

Open-Xchange App Suite 7.4.2 Rev7

7.4.2

Open-Xchange App Suite 7.4.2 Rev8

7.4.2

Open-Xchange App Suite 7.4.2 Rev9

7.4.2

Open-Xchange App Suite 7.6.0 Rev6

7.6.0

Open-Xchange App Suite 7.6.0 Rev7

7.6.0

Open-Xchange App Suite 7.6.0 Rev8

7.6.0

Open-Xchange App Suite 7.6.0 Rev9

7.6.0

References

http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html

Third Party Advisory, VDB Entry

http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf

Vendor Advisory

20140915 Open-Xchange Security Advisory 2014-09-15

Third Party Advisory, VDB Entry

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.