CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2013-09-05 11:44
Updated : 2024-02-28 12:00
NVD link : CVE-2013-2582
Mitre link : CVE-2013-2582
CVE.ORG link : CVE-2013-2582
JSON object : View
Products Affected
open-xchange
- open-xchange_appsuite
- open-xchange_server
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')