CVE-2022-35507 PoC — Proxmox pve-http-server Injection Vulnerability

Associated Vulnerability
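Title: Proxmox pve-http-server Injection Vulnerability (CVE-2022-35507)
Description: pve-http-server is an open-source virtualization environment library from Proxmox. Proxmox pve-http-server contains a security vulnerability that stems from a CRLF injection flaw in the response headers of the web interface. It allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS.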
Description
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3.
File Snapshot

id: CVE-2022-35507
info:
  name: Proxmox - CRLF Injection
  author: DhiyaneshDk
  severity: high
  ...