Vulnerability CVE-2013-5035


Published: 2013-09-05

Description:
Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.

Type:

CWE-362

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Open-xchange -> Open-xchange appsuite 
Htmlcleaner -> Htmlcleaner 

 References:
http://sourceforge.net/p/htmlcleaner/bugs/86/
http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html

Copyright 2024, cxsecurity.com

 

Back to Top