CVE-2013-1647
Published: 2013-09-05
Priority P4 · 26 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.80% (75.7th percentile)
Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by (1) the location parameter to ajax/redirect or (2) multiple infostore URIs.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-xchange | open-xchange_server | — | — |
| open-xchange | open-xchange_server | — | — |
| open-xchange | open-xchange_server | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:P/A:N
vendor_redhat · 5.0 · MEDIUM
GHSA
GHSA-xxgm-8gjh-jc3c: Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6
ghsa_unreviewed·2022-05-17
CVE-2013-1647 [MEDIUM] CWE-94 GHSA-xxgm-8gjh-jc3c: Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6
Red Hat
mysql: unspecified DoS related to Server Optimizer (CPU July 2013)
vendor_redhat·2013-07-17·CVSS 4.0
CVE-2013-3804 [MEDIUM] mysql: unspecified DoS related to Server Optimizer (CPU July 2013)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Statement: This issue was addressed in the package mysql55-mysql as shipped with Red Hat Enterprise Linux 5 via RHEA-2013:1330. This issue was addressed in the package mysql as shipped with Red Hat Enterprise Linux 6 via RHBA-2013:1647.
Package: mysql (Red Hat Enterprise Linux 5) - Under investigation
Package: mysql51-mysql (Red Hat Enterprise Linux 5) - Affected
Red Hat
mysql: unspecified DoS related to Full Text Search (CPU July 2013)
vendor_redhat·2013-07-17·CVSS 4.0
CVE-2013-3802 [MEDIUM] mysql: unspecified DoS related to Full Text Search (CPU July 2013)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
Statement: This issue was addressed in the package mysql55-mysql as shipped with Red Hat Enterprise Linux 5 via RHEA-2013:1330. This issue was addressed in the package mysql as shipped with Red Hat Enterprise Linux 6 via RHBA-2013:1647.
Package: mysql (Red Hat Enterprise Linux 5) - Under investigation
Package: mysql51-mysql (Red Hat Enterprise Linux 5) - Affected
Red Hat
mysql: geometry query crashes mysqld (CPU July 2013)
vendor_redhat·2013-03-05·CVSS 5.0
CVE-2013-1861 [MEDIUM] mysql: geometry query crashes mysqld (CPU July 2013)
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
Statement: This issue was addressed in the package mysql55-mysql as shipped with Red Hat Enterprise Linux 5 via RHEA-2013:1330. This issue was addressed in the package mysql as shipped with Red Hat Enterprise Linux 6 via RHBA-2013:1647.
Package: mysql (Red Hat Enterprise Linux 5) - Under investigation
Pa
No detection rules found.
No writeups or analysis indexed.
Published: 2013-09-05