CVE-2013-1651 - Cryptographic Issues vulnerability in Open-Xchange Server 6.20.7/6.22.0/6.22.1

CVSS 5.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, open-xchange, CWE-310, exploit available

Summary

OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Exploit-Db

description: Open-Xchange Server 6 - Multiple Vulnerabilities. CVE-2013-1645, CVE-2013-1646, CVE-2013-1647, CVE-2013-1648, CVE-2013-1649, CVE-2013-1650, CVE-2013-1651. Webapps ...
id: EDB-ID:24791
last seen: 2016-02-03
modified: 2013-03-15
published: 2013-03-15
reporter: Martin Braun
source: https://www.exploit-db.com/download/24791/
title: Open-Xchange Server 6 - Multiple Vulnerabilities

Packetstorm

data source: https://packetstormsecurity.com/files/download/120785/openxchange-xsstraversal.txt
id: PACKETSTORM:120785
last seen: 2016-12-05
published: 2013-03-14
reporter: Martin Braun
source: https://packetstormsecurity.com/files/120785/Open-Xchange-6-XSS-LFI-SSRF-Hashing.html
title: Open-Xchange 6 XSS / LFI / SSRF / Hashing

Seebug

bulletinFamily: exploit
description: No description provided by source.
id: SSV:78479
last seen: 2017-11-19
modified: 2014-07-01
published: 2014-07-01
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-78479
title: Open-Xchange Server 6 - Multiple Vulnerabilities