SecuritySpace - CVE-2014-2392

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2014-2392

Description: The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-2392
Bugtraq: 20140408 Open-Xchange Security Advisory 2014-04-08 (Google Search)
http://www.securityfocus.com/archive/1/531762

CVE ID:	CVE-2014-2392
Description:	The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2392 Bugtraq: 20140408 Open-Xchange Security Advisory 2014-04-08 (Google Search) http://www.securityfocus.com/archive/1/531762