Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-2391

EPSS 0.23% · P46
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-2391

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Open-Xchange AppSuite 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Open-Xchange AppSuite(OX AppSuite)是美国Open-Xchange公司的一套Web云桌面环境。该环境允许用户更直观的管理电子邮件、任务和文件等。 Open-Xchange AppSuite 7.2.2及之前版本,7.4.1和7.4.2版本的密码恢复服务中存在信息泄露漏洞,该漏洞源于修改用户密码以后,GET请求参数中包含密码。远程攻击者可通过读取Web服务器访问日志,Web服务器Referer日志或浏览历史利用该漏洞获取敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2014-2391

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2014-2391

登录查看更多情报信息。

Same Patch Batch · n/a · 2014-04-17 · 20 CVEs total

CVE-2014-0984SAP Router ‘passwordCheck’函数信息泄露漏洞
CVE-2014-0645EMC Cloud Tiering Appliance 信任管理漏洞
CVE-2014-0644EMC Cloud Tiering Appliance XML外部实体注入漏洞
CVE-2014-2880Oracle Identity Manager 开放重定向漏洞
CVE-2014-2879Dell SonicWALL Email Security 跨站脚本漏洞
CVE-2014-2707Apple cups-filters 任意命令执行漏洞
CVE-2014-2469Oracle Solaris 拒绝服务漏洞
CVE-2014-2310Net-SNMP 输入验证漏洞
CVE-2014-1933Python Image Library和Pillow 权限许可和访问控制漏洞
CVE-2014-1932Python Image Library和Pillow 后置链接漏洞
CVE-2014-2392Open-Xchange AppSuite 信息泄露漏洞
CVE-2014-0111Apache Syncope 代码注入漏洞
CVE-2014-0085Apache Zookeeper 信任管理漏洞
CVE-2014-0071Red Hat OpenStack 权限许可和访问控制漏洞
CVE-2014-0054Vmware Spring Framework 跨站请求伪造漏洞
CVE-2014-0036rbovirt gem for Ruby 加密问题漏洞
CVE-2013-2143Katello和Red Hat Satellite 输入验证错误漏洞
CVE-2011-3154Ubuntu Update Manager敏感信息泄露漏洞
CVE-2014-2393Open-Xchange AppSuite 跨站脚本漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2014-2391

No comments yet

Leave a comment