CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-1647

Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by (1) the location parameter to ajax/redirect or (2) multiple infostore URIs.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.0%

CVSS Severity

CVSS v2 Score 5.0

References

http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html
http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html

Products affected by CVE-2013-1647

Open-Xchange » Open-Xchange Server » Version: 6.20.7

cpe:2.3:a:open-xchange:open-xchange_server:6.20.7
Open-Xchange » Open-Xchange Server » Version: 6.22.0

cpe:2.3:a:open-xchange:open-xchange_server:6.22.0
Open-Xchange » Open-Xchange Server » Version: 6.22.1

cpe:2.3:a:open-xchange:open-xchange_server:6.22.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-1647

Products

Pricing

Contact Us