Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29834
HistoryOct 01, 2013 - 12:00 a.m.

Open-Xchange Security Advisory 2013-09-10

2013-10-0100:00:00
vulners.com
13
JSON

Product: Open-Xchange AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 28260 (Bug ID)
Vulnerability type: CWE-16: Configuration, CWE-287: Improper Authentication, CWE-200: Information Exposure
Vulnerable version: 7.0.0 to 7.2.2
Vulnerable component: backend (default configuration)
Fixed version: 7.0.2-rev15, 7.2.2-rev16
Solution status: Fixed by Vendor
Vendor notification: 2013-08-13
Solution date: 2013-08-27
Public disclosure: 2013-09-10
CVE reference: CVE-2013-5200
CVSSv2: 5.6 (AV:N/AC:L/Au:N/C:P/I:P/A:N/E:POC/RL:U/RC:C/CDP:MH/TD:M/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
Multiple vulnerabilities have been discovered regarding the Hazelcast based cluster API implementation at the Open-Xchange backend.
CWE-16 (Configuration): By default, the cluster implementation listens to all available network interfaces at port 5701/tcp. This may include interfaces that are exposed to potentially hostile networks.
CWE-287 (Improper Authentication): By default, the REST and memcache interfaces do not require authentication to access the cluster API to gain or inject information. Joining potentially rogue nodes to the cluster using the native Hazelcast API is possible by using a hardcoded password that's exposed by the source code.
CWE-200 (Information Exposure): The cluster API exposes several critical information such as runtime data, network information. In cases where a distributed session storage is used, session information of logged in users may be accessed as well. Unnecessary APIs for memcache and REST are exposed.

Risk:
When running the Open-Xchange backend on a network that's directly attached to the Internet or other potentially hostile networks, an attacker may access and inject critical information. The exposed API could be used to influence systems availability by injecting arbitrary data or disconnect cluster nodes.

Steps to reproduce:

  1. Use a Java, C#, REST or memcache client to access the Hazelcast API
  2. Execute commands specified by the Hazelcast API documentation

Proof of concept:
The issue has been reproduced using various REST client calls. For example, use a HTTP GET request to gain network and status information about the cluster.

GET http://server:5701/hazelcast/rest/cluster/
Cluster [1] {
Member [192.168.13.37]:5701 this
}
ConnectionCount: 1
AllConnectionCount: 1

Solution:
Update to 7.0.2-rev15 or 7.2.2-rev16
When operating any kind of network services, make sure to apply proper port filtering

Related

packetstorm 1
prion 4
cve 4
openvas 1
securityvulns 1
packetstorm
packetstorm
Open-Xchange AppSuite 7.2.2 Improper Authentication / Information Disclosure
2013-09-10 00:00:00
prion
prion
Authentication flaw
2013-09-25 10:31:00
Hardcoded credentials
2013-09-25 10:31:00
Hardcoded credentials
2013-09-25 10:31:00
cve
cve
CVE-2013-5200
2013-09-25 10:31:00
CVE-2013-5934
2013-09-25 10:31:00
CVE-2013-5935
2013-09-25 10:31:00
openvas
openvas
Open-Xchange (OX) AppSuite Multiple Vulnerabilities -03 Nov15
2015-11-02 00:00:00
securityvulns
securityvulns
Open-Xchange multiple security vulnerabilities
2013-11-18 00:00:00
JSON
Related for SECURITYVULNS:DOC:29834
packetstorm1prion4cve4openvas1securityvulns1