CVE-2016-4047: Infoleak
First published: Thu Dec 15 2016(Updated: )
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Open-Xchange App Suite Backend | <=7.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-4047?
CVE-2016-4047 has been rated as a medium severity vulnerability.
How do I fix CVE-2016-4047?
To fix CVE-2016-4047, upgrade Open-Xchange App Suite to version 7.8.1-rev8 or later.
What types of files are affected by CVE-2016-4047?
CVE-2016-4047 affects .docx and .xlsx files that contain external Open XML document type definitions.
Who is affected by CVE-2016-4047?
Any user of Open-Xchange App Suite versions prior to 7.8.1-rev8 is affected by CVE-2016-4047.
What kind of attacks can CVE-2016-4047 facilitate?
CVE-2016-4047 can facilitate attacks that involve security issues arising from the incorrect parsing of external resources within document files.
- agent/references
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/open-xchange
- canonical/open-xchange app suite backend
- version/open-xchange app suite backend/7.8.1