SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Open-Xchange Vendors:   Open-Xchange Inc.
Open-Xchange Input Validation Flaw Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1029554
SecurityTracker URL:  http://securitytracker.com/id/1029554
CVE Reference:   CVE-2013-6997   (Links to External Site)
Date:  Jan 7 2014
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.4.0 and prior
Description:   A vulnerability was reported in Open-Xchange. A remote user can conduct cross-site scripting attacks.

A remote user can send specially crafted CSS code with wildcard characters via an HTML email to cause the AppSuite web interface to appear modified to the target user.

The software does not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL (within an office document) that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Open-Xchange software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Open-Xchange software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   The vendor has issued a fix (7.4.0-rev21, 7.4.1-rev9).
Vendor URL:  www.open-xchange.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Open-Xchange Security Advisory 2014-01-06

Open-Xchange Security Advisory 2014-01-06

Product: Open-Xchange AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 30203 (Bug ID)
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page)
Vulnerable version: 7.4.0 and earlier
Vulnerable component: backend
Fixed version: 7.4.0-rev21, 7.4.1-rev9
Report confidence: Confirmed
Solution status: Fixed by Vendor
Vendor notification: 2013-12-06
Solution date: 2013-12-12
Public disclosure: 2014-01-06
CVE reference: CVE-2013-6997
CVSSv2: 4.1 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C/CDP:ND/TD:H/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
Embedding certain CSS code with wildcard characters within an HTML E-Mail can be used to modify the AppSuite web interface.

Risk:
Malicious CSS code gets applied to the default AppSuite web interface. This may be used to lure users to execute certain functions, phishing attempts or simply making the web interface dysfunctional.

Solution:
Users should update to the latest available patch releases. Users should avoid opening E-Mail attachments from untrusted sources. Users should disable rendering of the HTML content part of E-Mail.


Internal reference: 30098 (Bug ID)
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page)
Vulnerable version: 7.4.0 and earlier
Vulnerable component: office-web
Fixed version: 7.4.0-rev12, 7.4.1-rev6
Report confidence: Confirmed
Solution status: Fixed by Vendor
Vendor notification: 2013-11-29
Solution date: 2013-12-12
Public disclosure: 2014-01-06
CVE reference: CVE-2013-6997
CVSSv2: 5.7 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:LM/TD:H/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
Embedded JavaScript code within office documents gets executed when using crafted hyperlinks with script URL handlers.

Risk:
Malicious script code can be executed within a users context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The user has to actively click a malicious hyperlink in order to trigger the script code.

Solution:
Users should update to the latest available patch releases. Users should avoid opening office documents and hyperlinks from untrusted sources.
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC