PT-2013-3851 · Open Xchange · Open-Xchange Server+1

Published

2013-09-05

Updated

2013-09-26

CVE-2013-2582

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Open-Xchange AppSuite and Server versions prior to 6.22.0 rev15 Open-Xchange AppSuite and Server versions 6.22.1 prior to rev17 Open-Xchange AppSuite and Server versions 7.0.1 prior to rev6 Open-Xchange AppSuite and Server versions 7.0.2 prior to rev7

Description The issue is related to a CRLF injection vulnerability in the redirect servlet. This vulnerability allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.

Recommendations For Open-Xchange AppSuite and Server versions prior to 6.22.0 rev15, update to version 6.22.0 rev15 or later. For Open-Xchange AppSuite and Server versions 6.22.1 prior to rev17, update to version 6.22.1 rev17 or later. For Open-Xchange AppSuite and Server versions 7.0.1 prior to rev6, update to version 7.0.1 rev6 or later. For Open-Xchange AppSuite and Server versions 7.0.2 prior to rev7, update to version 7.0.2 rev7 or later.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2013-2582

Affected Products

Open-Xchange Appsuite

Open-Xchange Server

PT-2013-3851 · Open Xchange · Open-Xchange Server+1

CVE-2013-2582

Weakness Enumeration

Related Identifiers

Affected Products

References · 3