CVE-2013-2582 - OpenCVE

CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Open-xchange	Open-xchange Appsuite Open-xchange Server

Configuration 1 [-]

OR	cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:::::::*
	cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:::::::*
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:::::::*
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:::::::*
	cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:::::::*
	cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:::::::*
	cpe:2.3:a:open-xchange:open-xchange_server:7.0.1:::::::*
	cpe:2.3:a:open-xchange:open-xchange_server:7.0.2:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-09-05T10:00:00Z

Updated: 2024-09-16T18:08:06.780Z

Reserved: 2013-03-15T00:00:00Z

Link: CVE-2013-2582

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-09-05T11:44:57.587

Modified: 2013-09-26T16:47:00.267

Link: CVE-2013-2582

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-09-05T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20130417 Open-Xchange Security Advisory 2013-04-17", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2582", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20130417 Open-Xchange Security Advisory 2013-04-17", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:44:32.235Z"}, "title": "CVE Program Container", "references": [{"name": "20130417 Open-Xchange Security Advisory 2013-04-17", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2582", "datePublished": "2013-09-05T10:00:00Z", "dateReserved": "2013-03-15T00:00:00Z", "dateUpdated": "2024-09-16T18:08:06.780Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D9572CB-9A46-492E-BDCC-E01849EF0EC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "58989467-7850-4D91-86D4-524EBE325869", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "BED21777-8642-49AC-A99F-87ED9B21FE14", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FBAE267-EAB9-403A-8E1D-7C8EE68F0A36", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F5500DAF-78C2-4E30-AB1C-EF623C43956B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en el servlet para redirigir en Open-Xchange AppSuite y Server anterior a v6.22.0 rev15, v6.22.1 anterior a rev17, v7.0.1 anterior a rev6, y v7.0.2 anterior a rev7 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de redirecci\u00f3n abierta mediante el aprovechamiento de saneamiento inadecuado de espacios en blanco."}], "id": "CVE-2013-2582", "lastModified": "2013-09-26T16:47:00.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-09-05T11:44:57.587", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}