CVE-2018-5753
Published 2018-06-16
CVE-2018-5753: The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows…
Priority: P3 · 44 · medium · 6.5 CVSS 3.0
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EXPLOIT
EPSS: 8.39% (94.3th percentile)
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-xchange | open-xchange_appsuite | <= 7.6.3 | — |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
CVSS provenance
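| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| vendor_cisco | — | 5.6 | MEDIUM | — |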
GHSA
GHSA-8rfv-4356-35qw: The frontend component in Open-Xchange OX App Suite before 7
ghsa_unreviewed·2022-05-14
CVE-2018-5753 [MEDIUM] CWE-20 GHSA-8rfv-4356-35qw: The frontend component in Open-Xchange OX App Suite before 7
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address.
Cisco
CPU Side-Channel Information Disclosure Vulnerabilities
vendor_cisco·2018-01-05·CVSS 5.6
CVE-2017-5715 [MEDIUM] CWE-200 CPU Side-Channel Information Disclosure Vulnerabilities
On January 3, 2018, researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged local attacker, in specific circumstances, to read privileged memory belonging to other processes or memory allocated to the operating system kernel.
The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as Spectre. The third vulnerability, CVE-2017-5754, is known as Meltdown. The vulnerabilities are all variants of the same attack and differ in the way that speculative execution is exploited.
To exploit any
Suricata
ET EXPLOIT Possible Spectre PoC Download In Progress
suricata·2018-01-10
CVE-2017-5753 ET EXPLOIT Possible Spectre PoC Download In Progress
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Spectre PoC Download In Progress"; flow:established,to_client; flowbits:isset,ET.http.binary; file.data; content:"|E7 03 00 00|"; content:"|48 0F AE|"; distance:17; within:9; pcre:"/^[\x30-\x3f\x7D]/Rs"; content:"|48 0F AE 3D|"; distance:41; within:10; content:"|48 98|"; distance:64; within:22; content:"|0F 01 F9|"; distance:50; within:9; content:"|0F 01 F9|"; distance:30; within:9; reference:cve,2017-5753; reference:cve,2017-5715; classtype:attempted-admin; sid:2025196; rev:3; metadata:attack_target Client_Endpoint, created_at 2018_01_10, cve CVE_2017_5753, deployment Perimeter, malware_family Spectre_Exploit, performance_impact Low, confidence Medium, signat
Suricata
ET WEB_CLIENT Spectre Exploit Javascript
suricata·2018-01-09
CVE-2017-5753 ET WEB_CLIENT Spectre Exploit Javascript
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Spectre Exploit Javascript"; flow:established,to_client; file.data; content:"0x1000000"; fast_pattern; pcre:"/(?P<var1>[^=\s]*)\s*=\s*0x1000000.+?\x28\s*\x28\s*\x28\s*\w+\s*<<\s*12\s*\x29\s*\|\s*0\s*\x29\s*\+\s*(?P=var1)\s*\x29\s*\|\s*0/s"; reference:cve,2017-5753; reference:cve,2017-5715; reference:url,github.com/cgvwzq/spectre; classtype:attempted-user; sid:2025188; rev:7; metadata:affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2018_01_09, cve CVE_2017_5753, deployment Perimeter, performance_impact Moderate, signature_severity Major, tag Web_Client_Attacks, updated_at 2024_03_14;)
Exploit-DB
OX App Suite 7.8.4 - Multiple Vulnerabilities
exploitdb·2018-06-12·CVSS 5.4
CVE-2018-5756 [MEDIUM] OX App Suite 7.8.4 - Multiple Vulnerabilities
---
Product: OX App Suite
Vendor: OX Software GmbH
Internal reference: 55872 (Bug ID)
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable version: 7.8.4 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.3-rev30, 7.8.2-rev30, 7.8.3-rev36, 7.8.4-rev18
Vendor notification: 2017-10-18
Solution date: 2018-02-08
Public disclosure: 2018-06-08
CVE reference: CVE-2018-5754
CVSS: n/a
Vulnerability Details:
Internet Explorer does not properly support modern Content Security Policies ("CSP"), which act as a failsafe for certain XSS attacks. Since the "Open in Browser" feature is a potential attack vector to inject malicious content, we removed that option at the user in
Exploit-DB
Multiple CPUs - 'Spectre' Information Disclosure
exploitdb·2018-01-03
CVE-2017-5753 Multiple CPUs - 'Spectre' Information Disclosure
---
/*
EDB Note:
- https://spectreattack.com/
- https://spectreattack.com/spectre.pdf
- https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif
/********************************************************************
Victim code.
********************************************************************/
unsigned int array1_size = 16;
uint8_t unused1[64];
uint8_t array1[160] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 };
uint8_t unused2[64];
uint8_t array2[256 * 512];
char *secret = "The Magic Words are Squeamish Ossifrage.";
uint8_t temp = 0; /* Used so
Bugzilla
firefox: mitigations against spectre via javascript
bugzilla·2018-01-08·CVSS 5.6
CVE-2017-5754 [MEDIUM] firefox: mitigations against spectre via javascript
Mozilla has issued an advisory (mfsa2018-01) for Firefox 57.0.4 that implements a short term mitigation for spectre based javascript attacks.
CVE-2017-5754 CVE-2017-5753
References:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
Discussion:
(In reply to Sam Fowler from comment #3)
> "The precision of performance.now() has been reduced from 5μs to 20μs"
According to the following Mozilla blog post:
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
this mitigation is going to be included in 52 ESR in version 52.6 ESR.
---
Statement:
Mozilla has confirmed that similar to "Meltdown" and "Spectre" which are a new class of timing attacks which affect modern CPUs, it is possible t
Qualys
Processor Vulnerabilities - Meltdown and Spectre | Qualys
blogs_qualys·2018-01-04·CVSS 5.6
CVE-2017-5754 [MEDIUM] Processor Vulnerabilities - Meltdown and Spectre | Qualys
UPDATE 1/4/2018: Qualys has released several QIDs for detecting missing patches for these vulnerabilities.
UPDATE 1/5/2018: Pre-built AssetView dashboards to visualize impact and remediation progress.
Vulnerabilities potentially impacting all major processor vendors were disclosed today by Google Project Zero. These vulnerabilities have been named Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 & CVE-2017-5715). Organizations should inventory their systems by processor type, apply vendor patches as they become available, and track their progress. This article describes how Qualys can help in all three areas.
### Overview
Meltdown allows any application to access all system memory, including memory allocated for the kernel. Mitigation for this vulnerability will require operating sy
Sentinelone
SentinelOne is Compatible with “Meltdown” and “Spectre” Fixes
blogs_sentinelone·2018-01-04·CVSS 5.6
CVE-2017-5753 [MEDIUM] SentinelOne is Compatible with “Meltdown” and “Spectre” Fixes
This document covers SentinelOne’s response to exploit flaws described in CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.
SentinelOne products are compatible with Microsoft’s January 3, 2018, security updates. We tested our Agent against Microsoft’s patch. No incompatibilities causing any stop errors or other issues were found with SentinelOne agent versions 1.8.4, 2.0, 2.1 and 2.5.
## Overview
Microsoft, Google, Linux RedHat and Amazon have all acknowledged a new, publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks,” which affect many modern processors and operating systems including Intel, AMD, and ARM. This issue may also affect other systems, such as Android, Chrome, iOS, MacOS.
## Possible collision with security applications
Mi
http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html
http://seclists.org/fulldisclosure/2018/Jun/23
https://www.exploit-db.com/exploits/44881/
Published: 2018-06-16