Open-Xchange Server and OX App Suite Vulnerability (CVE-2014-9466)

Open-Xchange Server and OX App Suite Vulnerability (CVE-2014-9466)

Release date:
Updated on:

Affected Systems:
Open-xchange Open-Xchange Server <= 7.6.1
Open-xchange OX App Suite
Unaffected system:
Open-xchange Open-Xchange Server 7.6.1-rev14
Open-xchange Open-Xchange Server 7.6.0-rev36
Open-xchange Open-Xchange Server 7.4.2-rev42
Description:
Bugtraq id: 72587
CVE (CAN) ID: CVE-2014-9466

Open-Xchange Server is a part of Open-source projects that mainly develop collaborative software, such as email and calendar. OX App Suite is a modular platform that provides cloud services.

Open-Xchange Server 6 and earlier versions, OX AppSuite 7.6.1 and earlier versions, the publishing mechanism allows external data users to share files, secure access through random hashing and only access to shared directories or files, the folder identifier is ignored. If you can access publishing information, you can access other non-publishing file content.

<* Source: Open-Xchange GmbH
*>

Suggestion:
Vendor patch:

Open-xchange
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.open-xchange.com/home.html

This article permanently updates the link address: