CVE-2013-5035

Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.

Published: Sep 5, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-5035
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.9
AV:N/AC:M/Au:S/C:P/I:P/A:N

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
htmlcleaner_project / htmlcleaner	-	2.5.x
htmlcleaner_project / htmlcleaner	0.8	0.8.x
htmlcleaner_project / htmlcleaner	0.9	0.9.x
htmlcleaner_project / htmlcleaner	1.0	1.0.x
htmlcleaner_project / htmlcleaner	1.0.5	1.0.5.x
htmlcleaner_project / htmlcleaner	1.1	1.1.x
htmlcleaner_project / htmlcleaner	1.2	1.2.x
htmlcleaner_project / htmlcleaner	1.3	1.3.x
htmlcleaner_project / htmlcleaner	1.4	1.4.x
htmlcleaner_project / htmlcleaner	1.5	1.5.x
htmlcleaner_project / htmlcleaner	1.6	1.6.x
htmlcleaner_project / htmlcleaner	1.12	1.12.x
htmlcleaner_project / htmlcleaner	1.13	1.13.x
htmlcleaner_project / htmlcleaner	1.55	1.55.x
htmlcleaner_project / htmlcleaner	2.0	2.0.x
htmlcleaner_project / htmlcleaner	2.1	2.1.x
htmlcleaner_project / htmlcleaner	2.2	2.2.x
htmlcleaner_project / htmlcleaner	2.2.1	2.2.1.x
htmlcleaner_project / htmlcleaner	2.4	2.4.x
open-xchange / open-xchange_appsuite	7.2.2	7.2.2.x

Vulnerability Database

CVE-2013-5035