Vulnerability CVE-2013-2582
Published: 2013-09-05
Description:
CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.
See advisories in our WLB2 database:

| | Topic | Author | Date |
|---|---|---|---|
| Low | | Martin Braun | 18.04.2013 |
Type:
CWE-94 (Improper Control of Generation of Code ('Code Injection'))
CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

| CVSS Base Score | Impact Subscore | Exploitability Subscore |
|---|---|---|
| 5/10 | 2.9/10 | 10/10 |

| Exploit range | Attack complexity | Authentication |
|---|---|---|
| Remote | Low | Not required |

| Confidentiality impact | Integrity impact | Availability impact |
|---|---|---|
| None | Partial | None |

References:
http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html
Copyright 2024, cxsecurity.com