VYPR
Unrated severityNVD Advisory· Published Sep 5, 2013· Updated Jun 16, 2026

CVE-2013-2582

CVE-2013-2582

Description

CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.

Affected products

9
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*
    • cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*
    • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:*:*:*:*:*:*:*
    • cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:*:*:*:*:*:*:*
    • cpe:2.3:a:open-xchange:open-xchange_server:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:open-xchange:open-xchange_server:7.0.2:*:*:*:*:*:*:*
  • Range: >=6.22.0 <6.22.0 rev15, >=6.22.1 <6.22.1 rev17, >=7.0.1 <7.0.1 rev6, >=7.0.2 <7.0.2 rev7

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.