CVE-2013-2582

CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_server:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_server:7.0.2:*:*:*:*:*:*:*

History

21 Nov 2024, 01:52

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html - () http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html -

Information

Published : 2013-09-05 11:44

Updated : 2024-11-21 01:52


NVD link : CVE-2013-2582

Mitre link : CVE-2013-2582

CVE.ORG link : CVE-2013-2582


JSON object : View

Products Affected

open-xchange

  • open-xchange_appsuite
  • open-xchange_server
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')