Vulnerability Details CVE-2013-2582
CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.8%
CVSS Severity
CVSS v2 Score 5.0
References
Products affected by CVE-2013-2582
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2
-
cpe:2.3:a:open-xchange:open-xchange_server:6.22.0
-
cpe:2.3:a:open-xchange:open-xchange_server:6.22.1
-
cpe:2.3:a:open-xchange:open-xchange_server:7.0.1
-
cpe:2.3:a:open-xchange:open-xchange_server:7.0.2