CVE-2013-6009
published 2013-10-03
Priority: P421 | medium | 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 0.96% (57.0th percentile)
CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-xchange | open-xchange_appsuite | <= 7.2.1 | — |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
GHSA
GHSA-rvv8-qh93-67vj: CRLF injection vulnerability in Open-Xchange AppSuite before 7
ghsa_unreviewed·2022-05-17
CVE-2013-6009 [MEDIUM] CWE-94 GHSA-rvv8-qh93-67vj: CRLF injection vulnerability in Open-Xchange AppSuite before 7
Kernel
HID: lenovo-tpkbd: validate output report details
kernel_security·2013-09-11·CVSS 4.7
CVE-2013-2894 [MEDIUM] HID: lenovo-tpkbd: validate output report details
HID: lenovo-tpkbd: validate output report details
A HID device could send a malicious output report that would cause the
lenovo-tpkbd HID driver to write just beyond the output report allocation
during initialization, causing a heap overflow:
[ 76.109807] usb 1-1: New USB device found, idVendor=17ef, idProduct=6009
...
[ 80.462540] BUG kmalloc-192 (Tainted: G W ): Redzone overwritten
CVE-2013-2894
Signed-off-by: Kees Cook
Cc: [email protected]
Signed-off-by: Benjamin Tissoires
Signed-off-by: Jiri Kosina
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2013-10-03
Published