CVE-2016-4047

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed.
Configurations

Configuration 1 (hide)

cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev7:*:*:*:*:*:*

History

21 Nov 2024, 02:51

Type Values Removed Values Added
References () http://www.securityfocus.com/archive/1/538732/100/0/threaded - () http://www.securityfocus.com/archive/1/538732/100/0/threaded -
References () http://www.securitytracker.com/id/1036157 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1036157 - Third Party Advisory, VDB Entry

Information

Published : 2016-12-15 06:59

Updated : 2024-11-21 02:51


NVD link : CVE-2016-4047

Mitre link : CVE-2016-4047

CVE.ORG link : CVE-2016-4047


JSON object : View

Products Affected

open-xchange

  • open-xchange_appsuite
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-611

Improper Restriction of XML External Entity Reference