漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.
漏洞信息
N/A
漏洞
N/A
漏洞
Open-Xchange AppSuite 信息泄露漏洞
漏洞信息
Open-Xchange AppSuite(OX AppSuite)是美国Open-Xchange公司的一套Web云桌面环境。该环境允许用户更直观的管理电子邮件、任务和文件等。 Open-Xchange AppSuite 7.2.2及之前版本,7.4.1和7.4.2版本的密码恢复服务中存在信息泄露漏洞,该漏洞源于修改用户密码以后,GET请求参数中包含密码。远程攻击者可通过读取Web服务器访问日志,Web服务器Referer日志或浏览历史利用该漏洞获取敏感信息。
漏洞信息
N/A
漏洞
N/A