Vulnerability Description
XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open-Xchange | Open-Xchange Appsuite | <= 7.4.1 |
References
- http://seclists.org/bugtraq/2014/Jan/57
- http://www.osvdb.org/102194
- http://www.securityfocus.com/bid/65015
- http://www.securitytracker.com/id/1029650
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90543
- http://seclists.org/bugtraq/2014/Jan/57
- http://www.osvdb.org/102194
- http://www.securityfocus.com/bid/65015
- http://www.securitytracker.com/id/1029650
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90543
FAQ
What is CVE-2013-7140?
CVE-2013-7140 is a vulnerability with a CVSS score of 4.0 (MEDIUM). XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors relate...
How severe is CVE-2013-7140?
CVE-2013-7140 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7140?
Check the references section above for vendor advisories and patch information. Affected products include: Open-Xchange Open-Xchange Appsuite.