发布日期:2013-04-17
更新日期:2013-04-21受影响系统:
open-xchange Open-Xchange Server 7.x
open-xchange Open-Xchange Server 6.x
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 59283
CVE(CAN) ID: CVE-2013-2583
Open-Xchange Server是部分开源的项目,主要开发协同软件,例如电子邮件、日历等。
Open-Xchange Server和OX App Suite存在多个安全漏洞,恶意用户可利用这些漏洞执行脚本插入攻击和欺骗攻击。
此漏洞源于在首页某些输入之前,没有正确过滤共享URL相关的输入、传递到infostore模块的上传HTML文件、电子邮件签名、联系人图形等。这可造成执行任意HTML和脚本代码,然后在恶意数据被浏览后,在用户浏览器会话中执行。
<*来源:Martin Braun
链接:http://secunia.com/advisories/53128/
*>建议:
--------------------------------------------------------------------------------
厂商补丁:
open-xchange
------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载6.20.7-rev16, 6.22.0-rev15, 6.22.1-rev17, 7.0.1-rev6, 7.0.2-rev7:
http://www.open-xchange.com/home.html
http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_1381-2013-04-04.pdf
http://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Public_Patch_Release_1378-2013-04-04.pdf
http://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Public_Patch_Release_1379-2013-04-04.pdf
http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Public_Patch_Release_1376_2013-04-04.pdf
http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Public_Patch_Release_1377-2013-04-04.pdfOpen-Xchange Server和OX App Suite HTTP报文头注入漏洞(CVE-2013-2582)IBM WebSphere Application Server 跨站脚本漏洞(CVE-2013-0542)相关资讯 Open-Xchange
- Open-Xchange AppSuite 跨站脚本执 (01/23/2014 09:03:52)
- Open-Xchange 6.20.2 发布,群组软 (03/15/2012 15:32:53)
| - Open-Xchange Server和OX App (04/21/2013 08:37:47)
- Java群组软件 Open-Xchange (03/15/2012 15:30:53)
|
本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承担一切因您的行为而直接或间接导致的民事或刑事法律责任<
|
易网时代-编程资源站