CRLF Injection Vulnerability in Proxmox Virtual Environment and Proxmox Mail Gateway
CVE-2022-35507

7.1HIGH

Key Information:

Vendor: Proxmox
Status: Proxmox Mail Gateway; Pve Http Server; Virtual Environment
Vendor: CVE Published:; 4 December 2022

What is CVE-2022-35507?

A CRLF injection vulnerability exists in the web interface of Proxmox Virtual Environment and Proxmox Mail Gateway. This flaw enables remote attackers to manipulate response headers, potentially allowing them to set excessively long cookies in a victim's browser. The vulnerability primarily affects Chromium-based browsers, as they permit such header injections using the %0d character. As a result, users may experience denial-of-service (DoS) conditions on their clients. This issue has been addressed in version 4.1-3 of the pve-http-server.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://git.proxmox.com/?p=pve-http-server.git%3Ba=commit...

https://starlabs.sg/blog/2022/12-multiple-vulnerabilites-...

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 4, 2022
Vulnerability Reserved
Jul 11, 2022

JSON

Proxmox

What is CVE-2022-35507?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.