CVE-2013-2582: Code Injection
First published: Thu Sep 05 2013(Updated: )
CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Open-xchange Open-xchange Appsuite | =6.22.0 | |
| Open-xchange Open-xchange Appsuite | =6.22.1 | |
| Open-xchange Open-xchange Appsuite | =7.0.1 | |
| Open-xchange Open-xchange Appsuite | =7.0.2 | |
| Open-xchange Open-xchange Server | =6.22.0 | |
| Open-xchange Open-xchange Server | =6.22.1 | |
| Open-xchange Open-xchange Server | =7.0.1 | |
| Open-xchange Open-xchange Server | =7.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/open-xchange
- canonical/open-xchange open-xchange appsuite
- version/open-xchange open-xchange appsuite/6.22.0
- version/open-xchange open-xchange appsuite/6.22.1
- version/open-xchange open-xchange appsuite/7.0.1
- version/open-xchange open-xchange appsuite/7.0.2
- canonical/open-xchange open-xchange server
- version/open-xchange open-xchange server/6.22.0
- version/open-xchange open-xchange server/6.22.1
- version/open-xchange open-xchange server/7.0.1
- version/open-xchange open-xchange server/7.0.2