CVE-2016-6852: Infoleak
First published: Thu Dec 15 2016(Updated: )
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Open-Xchange App Suite Backend | <=7.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-6852?
CVE-2016-6852 is classified as a medium severity vulnerability due to potential information disclosure.
How do I fix CVE-2016-6852?
To resolve CVE-2016-6852, upgrade Open-Xchange OX App Suite to version 7.8.2-rev9 or later.
What software is affected by CVE-2016-6852?
CVE-2016-6852 affects Open-Xchange OX App Suite versions prior to 7.8.2-rev8.
What type of vulnerability is CVE-2016-6852?
CVE-2016-6852 is a path traversal and information disclosure vulnerability.
Can exploitation of CVE-2016-6852 lead to further attacks?
Yes, exploitation of CVE-2016-6852 can allow attackers to gain insights into the system, potentially leading to more serious attacks.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/open-xchange
- canonical/open-xchange app suite backend
- version/open-xchange app suite backend/7.8.2