Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a "Server-side request forging (SSRF)" issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Open-Xchange Server 安全绕过漏洞
Vulnerability Description
Open-Xchange Server是美国Open-Xchange公司的一个半开源项目。该项目主要用于开发协同软件,例如电子邮件、日历等。 Open-Xchange Server 6.22.1-rev13及之前的版本中的Subscriptions功能中存在服务器端请求伪造漏洞,该漏洞源于程序没有正确验证出版源的URL。远程授权的攻击者可通过特制的Source字段利用该漏洞发送任意请求到第三方机器,借助(1)ftp: URL,(2)gopher: URL或(3)http://127.0.0.1/ URL调
CVSS Information
N/A
Vulnerability Type
N/A