OpenCVE

Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Htmlcleaner Project	Htmlcleaner
Open-xchange	Open-xchange Appsuite

Configuration 1 [-]

AND

OR	cpe:2.3:a:htmlcleaner_project:htmlcleaner::::::::
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:0.8:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:0.9:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.0:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.0.5:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.1:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.2:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.3:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.4:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.5:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.6:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.12:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.13:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.55:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.0:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.1:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.2:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.2.1:::::::*
	cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.4:::::::*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html
http://sourceforge.net/p/htmlcleaner/bugs/86/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-09-05T10:00:00Z

Updated: 2024-09-17T01:46:33.498Z

Reserved: 2013-08-02T00:00:00Z

Link: CVE-2013-5035

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-09-05T11:44:57.830

Modified: 2024-11-21T01:56:56.947

Link: CVE-2013-5035

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object