CVE-2022-35507

Severity Score

7.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3.

Una vulnerabilidad de inyección CRLF de encabezado de respuesta en la interfaz web Proxmox Virtual Environment (PVE) y Proxmox Mail Gateway (PMG) permite a un atacante remoto configurar cookies para el navegador de una víctima que son más largas de lo que espera el servidor, lo que provoca un DoS del lado del cliente. Esto afecta a los navegadores basados en Chromium porque permiten la inyección de encabezados de respuesta con %0d. Esto se solucionó en pve-http-server 4.1-3.

*Credits: N/A

CVSS Scores

NISTv3.1 7.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-07-11 CVE Reserved
2022-12-04 CVE Published
2024-06-26 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CAPEC

References (2)

URL	Tag	Source
https://git.proxmox.com/?p=pve-http-server.git%3Ba=commitdiff%3Bh=936007ae0241811093155000486da171379c23c2

URL	Date	SRC
https://starlabs.sg/blog/2022/12-multiple-vulnerabilites-in-proxmox-ve--proxmox-mail-gateway	2024-08-03

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Proxmox Search vendor "Proxmox"		Proxmox Mail Gateway Search vendor "Proxmox" for product "Proxmox Mail Gateway"				-		-		Affected
Proxmox Search vendor "Proxmox"		Pve Http Server Search vendor "Proxmox" for product "Pve Http Server"				< 4.1-3 Search vendor "Proxmox" for product "Pve Http Server" and version " < 4.1-3"		-		Affected
Proxmox Search vendor "Proxmox"		Virtual Environment Search vendor "Proxmox" for product "Virtual Environment"				-		-		Affected