CVE-2013-6009

Name of the Vulnerable Software and Affected Versions Open-Xchange AppSuite versions prior to 7.2.2

Description The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet when AJP is used in certain conditions.

Recommendations For versions prior to 7.2.2, update to version 7.2.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of AJP in certain conditions to minimize the risk of exploitation.