Vulnerabilities > CVE-2013-1651 - Cryptographic Issues vulnerability in Open-Xchange Server 6.20.7/6.22.0/6.22.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Exploit-Db
| description | Open-Xchange Server 6 - Multiple Vulnerabilities. CVE-2013-1645,CVE-2013-1646,CVE-2013-1647,CVE-2013-1648,CVE-2013-1649,CVE-2013-1650,CVE-2013-1651. Webapps ... |
| id | EDB-ID:24791 |
| last seen | 2016-02-03 |
| modified | 2013-03-15 |
| published | 2013-03-15 |
| reporter | Martin Braun |
| source | https://www.exploit-db.com/download/24791/ |
| title | Open-Xchange Server 6 - Multiple Vulnerabilities |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/120785/openxchange-xsstraversal.txt |
| id | PACKETSTORM:120785 |
| last seen | 2016-12-05 |
| published | 2013-03-14 |
| reporter | Martin Braun |
| source | https://packetstormsecurity.com/files/120785/Open-Xchange-6-XSS-LFI-SSRF-Hashing.html |
| title | Open-Xchange 6 XSS / LFI / SSRF / Hashing |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:78479 |
| last seen | 2017-11-19 |
| modified | 2014-07-01 |
| published | 2014-07-01 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-78479 |
| title | Open-Xchange Server 6 - Multiple Vulnerabilities |