Vulnerability Details : CVE-2013-5035
Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.
Exploit prediction scoring system (EPSS) score for CVE-2013-5035
Probability of exploitation activity in the next 30 days: 0.18%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 54 %
CVSS scores for CVE-2013-5035
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.9 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:N | 6.8 | 4.9 | NIST |
CWE ids for CVE-2013-5035
- The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5035
- http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html (Exploit)
- http://sourceforge.net/p/htmlcleaner/bugs/86/ (HtmlCleaner / Bugs / #86 v2.5 NOT thread safe; Exploit)
Products affected by CVE-2013-5035
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:*:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.55:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.1:*:*:*:*:*:*:*