Lucene search
MitreCVE-2023-24604HistoryMay 29, 2023 - 3:15 a.m.
CVE-2023-24604
2023-05-2903:15:09
mitre
web.nvd.nist.gov
24
cve-2023-24604
ox app suite
security vulnerability
http header
ical feed
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
AI Score
4.5
Confidence
High
EPSS
0.001
Percentile
40.4%
OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data.
Affected configurations
Node
open-xchangeox_app_suiteRange<7.10.6
ORopen-xchangeox_app_suiteMatch7.10.6-
ORopen-xchangeox_app_suiteMatch7.10.6rev01
ORopen-xchangeox_app_suiteMatch7.10.6rev02
ORopen-xchangeox_app_suiteMatch7.10.6rev03
ORopen-xchangeox_app_suiteMatch7.10.6rev04
ORopen-xchangeox_app_suiteMatch7.10.6rev05
ORopen-xchangeox_app_suiteMatch7.10.6rev06
ORopen-xchangeox_app_suiteMatch7.10.6rev07
ORopen-xchangeox_app_suiteMatch7.10.6rev08
ORopen-xchangeox_app_suiteMatch7.10.6rev09
ORopen-xchangeox_app_suiteMatch7.10.6rev10
ORopen-xchangeox_app_suiteMatch7.10.6rev11
ORopen-xchangeox_app_suiteMatch7.10.6rev12
ORopen-xchangeox_app_suiteMatch7.10.6rev13
ORopen-xchangeox_app_suiteMatch7.10.6rev14
ORopen-xchangeox_app_suiteMatch7.10.6rev15
ORopen-xchangeox_app_suiteMatch7.10.6rev16
ORopen-xchangeox_app_suiteMatch7.10.6rev17
ORopen-xchangeox_app_suiteMatch7.10.6rev18
ORopen-xchangeox_app_suiteMatch7.10.6rev19
ORopen-xchangeox_app_suiteMatch7.10.6rev20
ORopen-xchangeox_app_suiteMatch7.10.6rev21
ORopen-xchangeox_app_suiteMatch7.10.6rev22
ORopen-xchangeox_app_suiteMatch7.10.6rev23
ORopen-xchangeox_app_suiteMatch7.10.6rev24
ORopen-xchangeox_app_suiteMatch7.10.6rev25
ORopen-xchangeox_app_suiteMatch7.10.6rev26
ORopen-xchangeox_app_suiteMatch7.10.6rev27
ORopen-xchangeox_app_suiteMatch7.10.6rev28
ORopen-xchangeox_app_suiteMatch7.10.6rev29
ORopen-xchangeox_app_suiteMatch7.10.6rev30
ORopen-xchangeox_app_suiteMatch7.10.6rev31
ORopen-xchangeox_app_suiteMatch7.10.6rev32
ORopen-xchangeox_app_suiteMatch7.10.6rev33
ORopen-xchangeox_app_suiteMatch7.10.6rev34
ORopen-xchangeox_app_suiteMatch7.10.6rev35
ORopen-xchangeox_app_suiteMatch7.10.6rev36
ORopen-xchangeox_app_suiteMatch7.10.6rev37
| Vendor | Product | Version | CPE |
|---|---|---|---|
| open-xchange | ox_app_suite | * | cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2023-05-29 03:15:00
cvelist
cvelist
CVE-2023-24604
2023-05-29 00:00:00
nvd
nvd
CVE-2023-24604
2023-05-29 03:15:09
osv
osv
CVE-2023-24604
2023-05-29 03:15:09
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
AI Score
4.5
Confidence
High
EPSS
0.001
Percentile
40.4%
Related for CVE-2023-24604