CVE-2013-2582 — Code Injection in Appsuite

CWE-94 — Code Injection3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.2%

top 52.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Open-xchange Appsuite Open-xchange Server

Timeline

PublishedSep 5

Latest updateMay 17

Description

CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDopen-xchange/open-xchange_server4 versions+3

▶NVDopen-xchange/open-xchange_appsuite4 versions+3

🔴Vulnerability Details

GHSA

GHSA-w8qh-rq5m-7q5m: CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6↗2022-05-17

▶

CVEList

CVE-2013-2582: CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6↗2013-09-05

▶