Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by (1) the location parameter to ajax/redirect or (2) multiple infostore URIs.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Open-Xchange Server 多个CRLF注入漏洞
Vulnerability Description
Open-Xchange Server是美国Open-Xchange公司的一个半开源项目。该项目主要用于开发协同软件,例如电子邮件、日历等。 Open-Xchange Server 6.22.1-rev13及之前的版本中存在多个CRLF注入漏洞。远程攻击者可借助特制的参数(如向ajax/redirect链接传递‘location’参数),利用这些漏洞注入任意HTTP头并进行HTTP响应拆分攻击。
CVSS Information
N/A
Vulnerability Type
N/A