Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1647Code Injection in Server

CWE-94Code Injection7 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
1.5%
top 19.09%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Open-xchange Server
Timeline
PublishedSep 5
Latest updateMay 17

Description

Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by (1) the location parameter to ajax/redirect or (2) multiple infostore URIs.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDopen-xchange/open-xchange_server6.20.7, 6.22.0, 6.22.1+2

🔴Vulnerability Details

2
GHSA
GHSA-xxgm-8gjh-jc3c: Multiple CRLF injection vulnerabilities in Open-Xchange Server before 62022-05-17
CVEList
CVE-2013-1647: Multiple CRLF injection vulnerabilities in Open-Xchange Server before 62013-09-05

💥Exploits & PoCs

1
Exploit-DB
Open-Xchange Server 6 - Multiple Vulnerabilities2013-03-15

📋Vendor Advisories

3
Red Hat
mysql: unspecified DoS related to Server Optimizer (CPU July 2013)2013-07-17
Red Hat
mysql: unspecified DoS related to Full Text Search (CPU July 2013)2013-07-17
Red Hat
mysql: geometry query crashes mysqld (CPU July 2013)2013-03-05
CVE-2013-1647 — Code Injection in Open-xchange Server | cvebase