CVE-2022-0666
Published: 2022-02-18
CVE-2022-0666: CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.
Priority: P268 · high · 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Exploit: EPSS 44.26% (98.6th percentile)
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microweber | microweber | < 1.2.11 | 1.2.11 |
| microweber | microweber | >= 0 < 1.2.11 | 1.2.11 |
| microweber | microweber_microweber | >= unspecified < 1.2.11 | 1.2.11 |
| octokit | octokit | >= 4.23.0 < 4.25.0 | 4.25.0 |
| octopoller_project | octopoller | >= 0.2.0 < 0.3.0 | 0.3.0 |
Detection & IOCs (extracted from sources)
- Exploit targets the /api/logout endpoint with a CRLF-encoded redirect_to parameter (%0d%0a) to inject a Set-Cookie header. Detect by monitoring HTTP responses for injected Set-Cookie headers originating from this endpoint.
- Match HTTP response headers for the regex pattern '^Set-Cookie: crlfinjection=1;' as a positive indicator of successful CRLF injection exploitation.
- Use Shodan query 'http.favicon.hash:780351152' or 'http.html:"microweber"' to identify exposed Microweber instances for targeted scanning.
- Use FOFA query 'icon_hash=780351152' or 'body="microweber"' to identify exposed Microweber instances.
- Vulnerability affects Microweber versions prior to 1.2.11 only. Instances running 1.2.11 or later are not affected.
- The injection vector is specifically the 'redirect_to' GET parameter on the /api/logout endpoint; other endpoints are not confirmed vulnerable by this CVE.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | 3.0 | 7.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| cisa | | 7.5 | HIGH | |
| vendor_redhat | | 5.5 | MEDIUM | |
GHSA · 2022-06-15
CVE-2022-31071 [LOW] CWE-276 Octopoller gem published with world-writable files
### Impact
Version [0.2.0](https://rubygems.org/gems/octopoller/versions/0.2.0) of the octopoller gem was published containing world-writable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `-rw-r--r--` (i.e. 0644).
This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem.
Malicious code already present and running on your machine, separate from this package, could modify the gem’s files and change its behavior during runtime.
### Patches
* octopoller 0.3.0
### Workarounds
Users can use the previous version of the gem [v0.1.0](https://rubygems.o
GHSA · 2022-06-15
CVE-2022-31072 [LOW] CWE-276 Octokit gem published with world-writable files
### Impact
Versions [4.23.0](https://rubygems.org/gems/octokit/versions/4.23.0) and [4.24.0](https://rubygems.org/gems/octokit/versions/4.24.0) of the octokit gem were published containing world-writable files.
Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `-rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem.
Malicious code already present and running on your machine, separate from this package, could modify the gem’s files and change its behavior during runtime.
### Patches
* [octokit 4.25.0](https://rubygems.org/gems/octok
GHSA · 2022-02-19
CVE-2022-0666 [HIGH] CWE-93 CRLF Injection in microweber
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.
OSV · 2022-02-19
CVE-2022-0666 [HIGH] CRLF Injection in microweber
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.
Red Hat · 2025-02-26 · CVSS 5.5
CVE-2022-49080 [MEDIUM] CWE-401 kernel: mm/mempolicy: fix mpol_new leak in shared_policy_replace
In the Linux kernel, the following vulnerability has been resolved:
mm/mempolicy: fix mpol_new leak in shared_policy_replace
If mpol_new is allocated but not used in restart loop, mpol_new will be
freed via mpol_put before returning to the caller. But refcnt is not
initialized yet, so mpol_put could not do the right things and might
leak the unused mpol_new. This would happen if mempolicy was updated on
the shared shmem file while the sp->lock has been dropped during the
memory allocation.
This issue could be triggered easily with the below code snippet if
there are many processes doing the below work at the same time:
```c
shmid = shmget((key_t)5566, 1024 * PAGE_SIZE, 0666|IPC_CREAT);
shm = shmat(shmid, 0, 0);
loop many times {
```
CISA · 2022-03-25 · CVSS 7.5
CVE-2015-0666 [HIGH] CWE-22 Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability
Vulnerability: Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability
Affected: Cisco Prime Data Center Network Manager (DCNM)
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-0666
Remediation Due Date: 2022-04-15
No detection rules found.
Nuclei · CVSS 7.5
CVE-2022-0666 [HIGH] Microweber < 1.2.11 - CRLF Injection
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.
Template:
```yaml
id: CVE-2022-0666

info:
  name: Microweber < 1.2.11 - CRLF Injection
  author: ritikchaddha
  severity: high
  description: |
    CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.
  impact: |
    Attackers can inject CRLF sequences via the redirect_to parameter to set arbitrary cookies or inject additional HTTP headers, potentially facilitating session hijacking or cache poisoning attacks.
  remediation: |
    Upgrade to Microweber version 1.2.11 or later.
  reference:
    - https://github.com/microweber/microweber/
```
References:
- https://github.com/microweber/microweber/commit/f0e338f1b7dc5ec9d99231f4ed3fa6245a5eb128
- https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55
Published: 2022-02-18