CVE-2013-6009

2013-10-0319:55:21

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

48.8%

JSON

CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.

Affected configurations

Nvd

Node

open-xchangeopen-xchange_appsuiteRange≤7.2.1

open-xchangeopen-xchange_appsuiteMatch6.20.7

open-xchangeopen-xchange_appsuiteMatch6.22.0

open-xchangeopen-xchange_appsuiteMatch6.22.1

open-xchangeopen-xchange_appsuiteMatch7.0.1

open-xchangeopen-xchange_appsuiteMatch7.0.2

open-xchangeopen-xchange_appsuiteMatch7.2.0

VendorProductVersionCPE
open-xchangeopen-xchange_appsuite*cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite6.20.7cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite6.22.0cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite6.22.1cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite7.0.1cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite7.0.2cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite7.2.0cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
open-xchange	open-xchange_appsuite	*	cpe:2.3:a:open-xchange:open-xchange_appsuite::::::::
open-xchange	open-xchange_appsuite	6.20.7	cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:::::::*
open-xchange	open-xchange_appsuite	6.22.0	cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:::::::*
open-xchange	open-xchange_appsuite	6.22.1	cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:::::::*
open-xchange	open-xchange_appsuite	7.0.1	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:::::::*
open-xchange	open-xchange_appsuite	7.0.2	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:::::::*
open-xchange	open-xchange_appsuite	7.2.0	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:::::::*