製品・ソフトウェアに関する情報
Open-Xchange の OX App Suite におけるリソースの枯渇に関する脆弱性
Title Open-Xchange の OX App Suite におけるリソースの枯渇に関する脆弱性
Summary

Open-Xchange の OX App Suite には、リソースの枯渇に関する脆弱性が存在します。

Possible impacts サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution

ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。

Publication Date Nov. 2, 2023, midnight
Registration Date Dec. 28, 2023, 3:47 p.m.
Last Update Dec. 28, 2023, 3:47 p.m.
CVSS3.0 : 警告
Score 4.3
Vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected System
Open-Xchange
OX App Suite 7.10.6
OX App Suite 7.10.6 未満
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
その他
Change Log
No Changed Details Date of change
1 [2023年12月28日]
  掲載
Dec. 28, 2023, 3:47 p.m.

NVD Vulnerability Information
CVE-2023-29046
Summary

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.

Publication Date Nov. 2, 2023, 11:15 p.m.
Registration Date Nov. 3, 2023, 10 a.m.
Last Update Nov. 21, 2024, 4:56 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:* 7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List