Lucene search
MitreCVELIST:CVE-2013-1648HistoryOct 03, 2022 - 4:14 p.m.
CVE-2013-1648
2022-10-0316:14:48
mitre
www.cve.org
open-xchange server
subscriptions feature
security vulnerability
remote authenticated users
arbitrary tcp traffic
crafted source field
server-side request forging
The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a “Server-side request forging (SSRF)” issue.
Related
cve
cve
CVE-2013-1648
2022-10-03 16:14:48
nvd
nvd
CVE-2013-1648
2013-09-05 11:44:57
prion
prion
Design/Logic Flaw
2013-09-05 11:44:00
openvas
openvas
Open-Xchange Server Multiple Vulnerabilities (Mar 2013) - Active Check
2013-03-18 00:00:00
securityvulns
securityvulns
Open-Xchange Security Advisory 2013-03-13
2013-05-06 00:00:00
exploitpack
exploitpack
Open-Xchange Server 6 - Multiple Vulnerabilities
2013-03-15 00:00:00
seebug
seebug
Open-Xchange Server 6 - Multiple Vulnerabilities
2014-07-01 00:00:00
packetstorm
packetstorm
Open-Xchange 6 XSS / LFI / SSRF / Hashing
2013-03-14 00:00:00
exploitdb
exploitdb
Open-Xchange Server 6 - Multiple Vulnerabilities
2013-03-15 00:00:00