{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:14:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/p/htmlcleaner/bugs/86/"}, {"name": "20130816 Open-Xchange Security Advisory 2013-08-16", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5035", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://sourceforge.net/p/htmlcleaner/bugs/86/", "refsource": "CONFIRM", "url": "http://sourceforge.net/p/htmlcleaner/bugs/86/"}, {"name": "20130816 Open-Xchange Security Advisory 2013-08-16", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5035", "datePublished": "2022-10-03T16:14:55", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:14:55", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:*:*:*:*:*:*:*:*", "matchCriteriaId": "5882C53B-466C-42FB-86CC-BD06F7E4DAC9", "versionEndIncluding": "2.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0927237D-D5A1-46EB-BAE5-46888187F4E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "22472444-4FA4-47F3-9A3D-AA0C0BA4A7DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B38D323C-AC7D-4573-B37A-9B42B43128C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "30FBBEAA-8044-4CC4-BE57-E885BEE0E1C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA8CCDED-AD24-4685-B9CF-6E2A2CD1FAF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0309A401-A4EE-4907-B6C8-9ACF4909CACD", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "30ED8AE2-C1B7-49C9-9196-9569635FE983", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "6022A958-C784-4DE8-B152-2A4F70CEA815", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "D996193D-7C15-40FF-8676-FCC1666CAFED", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "25672975-0F1E-4EA5-8DC8-46B6BAFFC160", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.12:*:*:*:*:*:*:*", "matchCriteriaId": "C60A95E6-A414-410A-BC7F-57A1347076DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.13:*:*:*:*:*:*:*", "matchCriteriaId": "75310C21-E572-450A-86B6-D56403D6D810", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.55:*:*:*:*:*:*:*", "matchCriteriaId": "EB3DCA01-9BAC-4638-8645-223E83FC90B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C12A5B4-FC2F-4F30-AF32-8EF3A06FB24D", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D76FD62-6CC5-40B4-BC1E-BBD8A9EDB63A", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2DA9B3BB-8A31-4F1F-B564-9B8A21C2859F", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC9A5D0D-F6C3-4D8E-99D6-BD10911F3E7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "F2510FA1-B868-402E-8298-2AB521442D7C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "75B04598-67CD-420B-92C9-9A7459295E11", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de condici\u00f3n de carrera en HtmlCleaner anterior a v2.6, como es utilizado en Open-Xchange AppSuite v7.2.2 anterior a rev13 y otros productos, permiten a los usuarios remotos autenticados leer el correo electr\u00f3nico privado de otras personas en situaciones oportunistas, mediante el aprovechamiento de la falta de seguridad de los subprocesos y la realizaci\u00f3n de una serie r\u00e1pida de (1) env\u00edo de emails o (2) operaciones de guardado de borradores."}], "evaluatorImpact": "CVSS score reflects vendor comments provided in http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html", "id": "CVE-2013-5035", "lastModified": "2013-10-08T17:33:56.183", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-09-05T11:44:57.830", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://sourceforge.net/p/htmlcleaner/bugs/86/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}