Lucene search
PRIOn knowledge basePRION:CVE-2013-1648HistorySep 05, 2013 - 11:44 a.m.
Design/Logic Flaw
2013-09-0511:44:00
PRIOn knowledge base
www.prio-n.com
The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a “Server-side request forging (SSRF)” issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| open-xchange_server | eq | 6.22.1 | |
| open-xchange_server | eq | 6.20.7 | |
| open-xchange_server | eq | 6.22.0 |
Related
cve
cve
CVE-2013-1648
2022-10-03 16:14:48
cvelist
cvelist
CVE-2013-1648
2022-10-03 16:14:48
nvd
nvd
CVE-2013-1648
2013-09-05 11:44:57
openvas
openvas
Open-Xchange Server Multiple Vulnerabilities (Mar 2013) - Active Check
2013-03-18 00:00:00
exploitpack
exploitpack
Open-Xchange Server 6 - Multiple Vulnerabilities
2013-03-15 00:00:00
securityvulns
securityvulns
Open-Xchange Security Advisory 2013-03-13
2013-05-06 00:00:00
packetstorm
packetstorm
Open-Xchange 6 XSS / LFI / SSRF / Hashing
2013-03-14 00:00:00
seebug
seebug
Open-Xchange Server 6 - Multiple Vulnerabilities
2014-07-01 00:00:00
exploitdb
exploitdb
Open-Xchange Server 6 - Multiple Vulnerabilities
2013-03-15 00:00:00