CVE-2023-41705

MEDIUM

Open-xchange Appsuite < 7.6.3 - Denial of Service

Title source: rule

Description

Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.

References (3)

[Vendor Advisory] https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json

[Release Notes] https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf

[Mailing List] http://seclists.org/fulldisclosure/2024/Feb/10

Scores

CVSS v3 6.5

EPSS 0.0033

EPSS Percentile 55.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-400

Status published

Affected Products (50)

open-xchange/open-xchange_appsuite < 7.6.3

open-xchange/open-xchange_appsuite

... and 35 more

Timeline

Published Feb 12, 2024

Tracked Since Feb 18, 2026