CVE-2013-1648 - Vulnerability Details - OpenCVE

The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a "Server-side request forging (SSRF)" issue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Open-xchange	Open-xchange Server

Configuration 1 [-]

OR	cpe:2.3:a:open-xchange:open-xchange_server:6.20.7:::::::*
	cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:::::::*
	cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-09-05T10:00:00Z

Updated: 2024-09-16T21:04:26.510Z

Reserved: 2013-02-11T00:00:00Z

Link: CVE-2013-1648

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-09-05T11:44:57.450

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-1648

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a \"Server-side request forging (SSRF)\" issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-09-05T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20130313 Open-Xchange Security Advisory 2013-03-13", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1648", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a \"Server-side request forging (SSRF)\" issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20130313 Open-Xchange Security Advisory 2013-03-13", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:13:32.531Z"}, "title": "CVE Program Container", "references": [{"name": "20130313 Open-Xchange Security Advisory 2013-03-13", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-1648", "datePublished": "2013-09-05T10:00:00Z", "dateReserved": "2013-02-11T00:00:00Z", "dateUpdated": "2024-09-16T21:04:26.510Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "EE83E623-175D-4F81-B92E-C170FDD896EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "58989467-7850-4D91-86D4-524EBE325869", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "BED21777-8642-49AC-A99F-87ED9B21FE14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a \"Server-side request forging (SSRF)\" issue."}, {"lang": "es", "value": "La caracter\u00edstica Subscriptions en Open-Xchange Server anterior a 6.20.7 rev14, 6.22.0 anterior a rev13, y 6.22.1 anterior a rev14, no valida adecuadamente la URL de publicaci\u00f3n origen, lo que permite a usuarios autenticados remotamente provocar una salida de tr\u00e1fico TCP arbitraria a trav\u00e9s de un campo \"Source\" manipulado, como se demostr\u00f3 con (1) una ftp: URL, (2) una gopher: URL, o (3) una http://127.0.0.1/ URL, relacionado con un problema de \"Server-side request forging (SSRF)\"."}], "id": "CVE-2013-1648", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-09-05T11:44:57.450", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}