Vulnerabilities > CVE-2016-4047 - XXE vulnerability in Open-Xchange Appsuite 7.8.1

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

open-xchange

CWE-611

NVD

Published: 2016-12-15

Updated: 2018-10-19

Summary

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed.

Vulnerable Configurations

Part	Description	Count
Application	Open-Xchange Open Xchange Open Xchange Appsuite 7.8.1	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Packetstorm

data source	https://packetstormsecurity.com/files/download/137599/openxchange781-disclose.txt
id	PACKETSTORM:137599
last seen	2016-12-05
published	2016-06-22
reporter	Martin Heiland
source	https://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html
title	Open-Xchange App Suite 7.8.1 Information Disclosure