PT-2013-3294 · Open Xchange · Open-Xchange Server
Publicado
2013-09-05
·
Atualizado
2013-09-26
·
CVE-2013-1647
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Open-Xchange Server versions prior to 6.20.7 rev14
Open-Xchange Server versions 6.22.0 prior to rev13
Open-Xchange Server versions 6.22.1 prior to rev14
Description
The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter. This can be demonstrated by exploiting the
location parameter to /ajax/redirect or multiple infostore URIs.Recommendations
For Open-Xchange Server versions prior to 6.20.7 rev14, update to version 6.20.7 rev14 or later.
For Open-Xchange Server versions 6.22.0 prior to rev13, update to version 6.22.0 rev13 or later.
For Open-Xchange Server versions 6.22.1 prior to rev14, update to version 6.22.1 rev14 or later.
Exploit
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Open-Xchange Server